CVE-2005-0688
Published 2005-03-05
Priority P4 (31) · medium · CVSS 2.0 score 5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Exploit: available
EPSS: 47.44% (98.7th percentile)
Windows Server 2003 and XP SP2, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, aka a reoccurrence of the "Land" vulnerability (CVE-1999-0016).
Affected (6 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_2003_server | — | — |
Detection & IOCs (extracted from sources)
- Detect Land attack packets: a TCP SYN where source IP == destination IP and source port == destination port, aimed at Windows XP SP2 / Server 2003 hosts with Windows Firewall disabled.
- The Land attack PoC (exploit-db 861) sends a single raw TCP/IP packet with IP_DF set, TTL=255, and identical source/destination address and port; a single such packet is claimed sufficient to cause DoS ("Remote machine should be down").
- The Land attack (CVE-2005-0688) only affects Windows XP SP2 and Windows Server 2003 when the Windows Firewall is turned off; hosts with the firewall enabled are not vulnerable.
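The Land check from the first IOC, written out as detection logic. This is an added example, not code from the page's sources: a small parser that classifies raw IPv4 datagrams and, as a generalization, raw IPv6 datagrams (the CVE-2005-1649 variant listed below), run over constructed sample packets. The `build_*` helpers and the sample addresses are assumptions made only to produce offline test input; they leave checksums at zero and send nothing.

```python
import socket
import struct

TCP_SYN = 0x02  # SYN bit in the TCP flags byte
IPPROTO_TCP = 6

def _tcp_land(tcp: bytes, src: bytes, dst: bytes) -> bool:
    """Land condition: SYN set, source == destination address, source port == destination port."""
    if len(tcp) < 20:
        return False
    sport, dport = struct.unpack("!HH", tcp[:4])
    return bool(tcp[13] & TCP_SYN) and src == dst and sport == dport

def is_land_packet(pkt: bytes) -> bool:
    """Land pattern in a raw IPv4 (CVE-2005-0688) or IPv6 (CVE-2005-1649) datagram; host state (firewall off) is not on the wire."""
    version = pkt[0] >> 4 if pkt else 0
    if version == 4 and len(pkt) >= 20:
        ihl = (pkt[0] & 0x0F) * 4
        if pkt[9] != IPPROTO_TCP or ihl < 20 or len(pkt) < ihl:
            return False
        return _tcp_land(pkt[ihl:], pkt[12:16], pkt[16:20])
    if version == 6 and len(pkt) >= 40:
        # Fixed header only: TCP behind IPv6 extension headers is not classified here.
        if pkt[6] != IPPROTO_TCP:
            return False
        return _tcp_land(pkt[40:], pkt[8:24], pkt[24:40])
    return False

def build_ipv4_tcp(src_ip: str, dst_ip: str, sport: int, dport: int, flags: int) -> bytes:
    """Constructed test datagram (checksums left zero): DF set and TTL 255, as in the IOC."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 255, IPPROTO_TCP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ip + tcp

def build_ipv6_tcp(src_ip: str, dst_ip: str, sport: int, dport: int, flags: int) -> bytes:
    """Constructed IPv6 test datagram for the CVE-2005-1649 variant (checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip6 = struct.pack("!IHBB16s16s", 0x60000000, len(tcp), IPPROTO_TCP, 255,
                      socket.inet_pton(socket.AF_INET6, src_ip), socket.inet_pton(socket.AF_INET6, dst_ip))
    return ip6 + tcp

def scan(packets) -> list:  # indices of packets that should raise a Land alert
    return [i for i, p in enumerate(packets) if is_land_packet(p)]

SAMPLE = [  # constructed sample traffic: two Land packets (IPv4, IPv6) among benign SYNs
    build_ipv4_tcp("192.0.2.10", "192.0.2.10", 139, 139, TCP_SYN),    # Land: same address and port
    build_ipv4_tcp("192.0.2.10", "192.0.2.10", 139, 445, TCP_SYN),    # same address, different ports
    build_ipv4_tcp("198.51.100.7", "192.0.2.10", 139, 139, TCP_SYN),  # same ports, different addresses
    build_ipv6_tcp("2001:db8::1", "2001:db8::1", 80, 80, TCP_SYN),     # Land over IPv6
]
```

Pair the alerts with inventory data (OS version and firewall state) to rank them; the wire check alone cannot tell a vulnerable host from a patched one.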
GHSA
GHSA-4r46-5w3g-fqfc (CVE-2005-0688, MEDIUM) · ghsa_unreviewed · 2022-05-01 · CVSS 5.0
Windows Server 2003 and XP SP2, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, aka a reoccurrence of the "Land" vulnerability (CVE-1999-0016).
GHSA
GHSA-5c76-645p-3q47 (CVE-2005-1649, MEDIUM) · ghsa_unreviewed · 2022-05-01 · CVSS 5.0
The IPv6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, a variant of CVE-2005-0688 and a reoccurrence of the "Land" vulnerability (CVE-1999-0016).
No detection rules found.
Exploit-DB
CVE-2005-0688 Microsoft Windows - Malformed IP Options Denial of Service (MS05-019) · exploitdb · 2005-04-17
---
```c
/* ecl-winipdos.c - 16/04/05
 * Yuri Gushin
 * Alex Behar
 *
 * This one was actually interesting, an off-by-one by our beloved
 * M$ :)
 *
 * When processing an IP packet with an option size (2nd byte after
 * the option) of 39, it will crash - since the maximum available
 * size is 40 for the whole IP options field, and two are already used:
 * [ OPT ] [ SIZE ] [ 38 more bytes ]
 * Checks are done to validate that the option-size field is less than
 * 40, where a value less than !39! should be checked for validation.
 *
 * Note that this doesn't affect ALL options, and is also dependent upon
 * the underlying protocol.
 * Anyways, a small PoC to see how it works and why, tweak test and
 * explore, have fun :)
 *
 *
 * Greets fly out
```
Exploit-DB
CVE-2005-1649 Microsoft Windows XP/2003 - Remote Denial of Service · exploitdb · 2005-03-07
---
```c
/* Added Line #1 - BSD_SOURCE!!!! /str0ke */
#define _BSD_SOURCE
#include <sys/types.h>   /* u_short, u_char; the other header names did not survive extraction of this excerpt */
/*
Windows Server 2003 and XP SP2 remote DoS exploit
Tested under OpenBSD 3.6 at WinXP SP 2
Vuln by Dejan Levaja , http://security.nnov.ru/docs7998.html
(c)oded by __blf 2005 RusH Security Team , http://rst.void.ru
Gr33tz: zZz, Phoenix, MishaSt, Inck-vizitor
Fuck lamerz: Saint_I, nmalykh, Mr. Clumsy
All rights reserved.
*/
/* checksum function by r0ach */
/* Standard one's-complement Internet checksum over len bytes of addr. */
u_short checksum(u_short *addr, int len)
{
    u_short *w = addr;
    int i = len;
    int sum = 0;
    u_short answer;

    /* Sum 16-bit words while at least two bytes remain
     * (the loop must stop at i > 1, not i > 0, or an odd
     * length reads one byte past the buffer and the odd-byte
     * branch below never runs). */
    while (i > 1) {
        sum += *w++;
        i -= 2;
    }
    /* Fold in a trailing odd byte, if any. */
    if (i == 1)
        sum += *(u_char *)w;
    /* Fold the 32-bit sum into 16 bits and take the one's complement. */
    sum = (sum >> 16) + (sum & 0xffff);
    sum += (sum >> 16);
    answer = ~sum;
    return answer;
}
```
Bugzilla
CVE-2004-0687 [HIGH] openmotif21 stack overflows in libxpm · bugzilla · 2008-01-28 · CVSS 7.5
Common Vulnerabilities and Exposures assigned an identifier CVE-2004-0687 to the following vulnerability:
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.
References:
http://marc.theaimsgroup.com/?l=bugtraq&m=109530851323415&w=2
http://scary.beasts.org/security/CESA-2004-003.txt
http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924
http://www.debian.org/security/2004/dsa-560
http://www.r
Bugzilla
CVE-2004-0688 [HIGH] openmotif21 stack overflows in libxpm · bugzilla · 2008-01-28 · CVSS 7.5
Common Vulnerabilities and Exposures assigned an identifier CVE-2004-0688 to the following vulnerability:
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.
References:
http://marc.theaimsgroup.com/?l=bugtraq&m=109530851323415&w=2
http://scary.beasts.org/security/CESA-2004-003.txt
http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924
http://www.debian.org/s
References
- http://marc.info/?l=bugtraq&m=111005099504081&w=2
- http://secunia.com/advisories/22341
- http://www.securityfocus.com/archive/1/449179/100/0/threaded
- http://www.vupen.com/english/advisories/2006/3983
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-019
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-064
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1288
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1685
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A482
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4978