Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 DOS:WINDOWS:MS-RDP-PATTERN-DOS

Severity

 Minor

Recommended

 No

Category

 DOS

Keywords

 Windows XP RDP Denial of Service

Release Date

 2003/04/22

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

DOS: Windows XP RDP Denial of Service


Microsoft RDP Server shipped with Windows XP is vulnerable to a denial of service attack. This attack does not require that the client be authenticated with the RDP server because the attack happens in the negotiation before the drawing of the login screen. This vulnerability is present in Microsoft RDP 4.0, 5.0 and 5.1. It affects Windows XP and Windows .NET Standard Server Beta 3.

Extended Description

The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP allows remote attackers to cause a denial of service (crash) when Remote Desktop is enabled via a PDU Confirm Active data packet that does not set the Pattern BLT command, aka "Denial of Service in Remote Desktop."

Affected Products

  • Microsoft .net_windows_server beta3
  • Microsoft .net_windows_server beta3 (:standard)
  • Microsoft windows_2000 (:advanced_server)
  • Microsoft windows_2000 (:datacenter_server)
  • Microsoft windows_2000 (:professional)
  • Microsoft windows_2000 (:server)
  • Microsoft windows_2000 (sp1)
  • Microsoft windows_2000 (sp1:advanced_server)
  • Microsoft windows_2000 (sp1:datacenter_server)
  • Microsoft windows_2000 (sp1:professional)
  • Microsoft windows_2000 (sp1:server)
  • Microsoft windows_2000 (sp2)
  • Microsoft windows_2000 (sp2:advanced_server)
  • Microsoft windows_2000 (sp2:datacenter_server)
  • Microsoft windows_2000 (sp2:professional)
  • Microsoft windows_2000 (sp2:server)
  • Microsoft windows_2000 (sp3)
  • Microsoft windows_2000 (sp3:advanced_server)
  • Microsoft windows_2000 (sp3:datacenter_server)
  • Microsoft windows_2000 (sp3:professional)
  • Microsoft windows_2000 (sp3:server)
  • Microsoft windows_2000_terminal_services (sp1)
  • Microsoft windows_2000_terminal_services (sp2)
  • Microsoft windows_2000_terminal_services (sp3)
  • Microsoft windows_xp (:64-bit)
  • Microsoft windows_xp (gold)
  • Microsoft windows_xp (gold:professional)
  • Microsoft windows_xp (:home)
  • Microsoft windows_xp (sp1)
  • Microsoft windows_xp (sp1:64-bit)
  • Microsoft windows_xp (sp1:home)

References

  • BugTraq: 5713
  • CVE: CVE-2002-0864
  • URL: http://securityvulns.com/docs3503.html

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out