ID CVE-2005-0688
Summary Windows Server 2003 and XP SP2, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, aka a reoccurrence of the "Land" vulnerability (CVE-1999-0016).
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
CVSS
Base: 5.0 (as of 19-10-2018 - 15:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
oval via4
  • accepted 2011-05-16T04:00:46.822-04:00
    class vulnerability
    contributors
    • name on
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Windows Server 2003 and XP SP2, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, aka a reoccurrence of the "Land" vulnerability (CVE-1999-0016).
    family windows
    id oval:org.mitre.oval:def:1288
    status accepted
    submitted 2005-04-22T12:00:00.000-04:00
    title Win2k Land Vulnerability
    version 41
  • accepted 2011-05-16T04:01:35.481-04:00
    class vulnerability
    contributors
    • name Matthew Burton
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Brendan Miles
      organization The MITRE Corporation
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Windows Server 2003 and XP SP2, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, aka a reoccurrence of the "Land" vulnerability (CVE-1999-0016).
    family windows
    id oval:org.mitre.oval:def:1685
    status accepted
    submitted 2005-08-18T04:00:00.000-04:00
    title WinXP Land Vulnerability
    version 44
  • accepted 2011-05-09T04:01:35.065-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    definition_extensions
    • comment Microsoft Windows XP SP1 (32-bit) is installed
      oval oval:org.mitre.oval:def:1
    • comment Microsoft Windows XP SP2 or later is installed
      oval oval:org.mitre.oval:def:521
    • comment Microsoft Windows XP SP1 (64-bit) is installed
      oval oval:org.mitre.oval:def:480
    • comment Microsoft Windows Server 2003 (x86) Gold is installed
      oval oval:org.mitre.oval:def:165
    • comment Microsoft Windows Server 2003 SP1 (x86) is installed
      oval oval:org.mitre.oval:def:565
    description Windows Server 2003 and XP SP2, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, aka a reoccurrence of the "Land" vulnerability (CVE-1999-0016).
    family windows
    id oval:org.mitre.oval:def:482
    status accepted
    submitted 2006-10-11T05:29:41
    title Spoofed Connection Request Vulnerability
    version 45
  • accepted 2013-09-02T04:05:46.786-04:00
    class vulnerability
    contributors
    • name Matthew Burton
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    • name Dragos Prisaca
      organization G2, Inc.
    description Windows Server 2003 and XP SP2, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, aka a reoccurrence of the "Land" vulnerability (CVE-1999-0016).
    family windows
    id oval:org.mitre.oval:def:4978
    status accepted
    submitted 2005-08-18T04:00:00.000-04:00
    title Server 2003 Object Management Vulnerability
    version 43
refmap via4
bugtraq 20050305 Windows Server 2003 and XP SP2 LAND attack vulnerability
hp
  • HPSBST02161
  • SSRT061264
secunia 22341
vupen ADV-2006-3983
Last major update 19-10-2018 - 15:31
Published 05-03-2005 - 05:00
Last modified 19-10-2018 - 15:31
Back to Top