ID CVE-2004-0899
Summary The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition, with DHCP logging enabled, does not properly validate the length of certain messages, which allows remote attackers to cause a denial of service (application crash) via a malformed DHCP message, aka "Logging Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:*:alpha:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:*:alpha:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server_alpha:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server_alpha:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp1:alpha:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp1:alpha:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp2:alpha:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp2:alpha:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp3:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp3:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp3:alpha:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp3:alpha:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp4:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp4:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp4:alpha:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp4:alpha:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp5:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp5:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp5:alpha:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp5:alpha:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6:alpha:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6:alpha:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:alpha:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:alpha:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*
CVSS
Base: 5.0 (as of 12-10-2018 - 21:35)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
oval via4
  • accepted 2008-03-24T04:00:24.710-04:00
    class vulnerability
    contributors
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Jonathan Baker
      organization The MITRE Corporation
    definition_extensions
    comment Microsoft Windows NT is installed
    oval oval:org.mitre.oval:def:36
    description The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition, with DHCP logging enabled, does not properly validate the length of certain messages, which allows remote attackers to cause a denial of service (application crash) via a malformed DHCP message, aka "Logging Vulnerability."
    family windows
    id oval:org.mitre.oval:def:2280
    status accepted
    submitted 2004-12-16T12:00:00.000-04:00
    title DHCP Server Logging Vulnerability (NT 4.0)
    version 75
  • accepted 2008-03-24T04:00:33.875-04:00
    class vulnerability
    contributors
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    definition_extensions
    comment Microsoft Windows NT is installed
    oval oval:org.mitre.oval:def:36
    description The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition, with DHCP logging enabled, does not properly validate the length of certain messages, which allows remote attackers to cause a denial of service (application crash) via a malformed DHCP message, aka "Logging Vulnerability."
    family windows
    id oval:org.mitre.oval:def:4282
    status accepted
    submitted 2005-01-27T12:00:00.000-04:00
    title DHCP Server Logging Vulnerability (Terminal Server)
    version 74
refmap via4
xf winnt-dhcp-machinename-dos(18341)
Last major update 12-10-2018 - 21:35
Published 10-01-2005 - 05:00
Last modified 12-10-2018 - 21:35
Back to Top