MS05-045: Network connection Manager DoS

SANS ISC: MS05-045: Network connection Manager DoS

SANS Site Network
- Current Site
- Internet Storm Center
- Other SANS Sites Help
- Graduate Degree Programs
- Security Training
- Security Certification
- Security Awareness Training
- Penetration Testing
- Industrial Control Systems
- Cyber Defense Foundations
- DFIR
- Software Security
- Government OnSite Training

SANS ISC InfoSec Forums

MS05-045: Network connection Manager DoS
KB: 905414 CVE: CAN-2005-2307 The Network Connection Manager is used to manage different network connections (e.g. LAN, Dialup ...). A special crafted packet send to a connection can cause the Netowrk Connection Manager to die. However, it will restart once a new request is received. Not much of a vulnerability. Requires an already authenticated (=connected) user and impact appears to be minimal. The latest versions of Windows are not vulnerable (XP-SP2, Win2k3 SP1). However, older and still popular versions are (like XP-SP1, Win2k3 pre-SP1, Win2k). Firewall best practices can be used to mitigate the issue. http://www.microsoft.com/technet/security/Bulletin/MS05-045.mspx	Joshua 34 Posts
Subscribe	Oct 11th 2005 1 decade ago

KB: 905414
CVE: CAN-2005-2307

The Network Connection Manager is used to manage different network connections (e.g. LAN, Dialup ...). A special crafted packet send to a connection can cause the Netowrk Connection Manager to die. However, it will restart once a new request is received.

Not much of a vulnerability. Requires an already authenticated (=connected) user and impact appears to be minimal. The latest versions of Windows are not vulnerable (XP-SP2, Win2k3 SP1). However, older and still popular versions are (like XP-SP1, Win2k3 pre-SP1, Win2k).

Firewall best practices can be used to mitigate the issue.

http://www.microsoft.com/technet/security/Bulletin/MS05-045.mspx

Joshua

34 Posts

Oct 11th 2005
1 decade ago