This module triggers a remote vulnerability that allows an attacker to send a NULL UDP message to an affected system, causing an infinit loop in the avahi-daemon service.
This module sends HTTP requests with specially crafted headers making Apache server consume a lot of resources. This attack prevents the victim server from accepting connections from legitimate clients and probably would make the server non-operational. The performance of this exploit depends on the contents of the path parameter. It works better when the requested path points to a static html page, and it's size is not too small.
The mod_isapi module unloads ISAPI modules before the request processing is complete, potentially leaving orphaned callback pointers behind. This can be exploited by sending a specially crafted request followed by a reset packet.
This module sends HTTP requests with incomplete headers that prevents the Apache server to accept connections from legitimate clients. When the module is stopped the server continues working normally.
Active Directory, which is an essential component of the Windows 2000 architecture, presents organizations with a directory service designed for distributed computing environments. Active Directory allows organizations to centrally manage and share information on network resources and users while acting as the central authority for network security. The directory services provided by Active Directory are based on the Lightweight Directory Access Protocol (LDAP) and thus Active Directory objects can be stored and retrieved using the LDAP protocol. A vulnerability in Active Directory allows an attacker to crash and force a reboot of any Windows 2000 Server running the Active Directory service. The vulnerability can be triggered when an LDAP version 3 search request with many Base "Distinguised name" statements is sent to the server, resulting in a heap overflow and subsequent crash of the Lsaas.exe service. This in turn, will force a domain controller to stop responding, thus making possible a denial of service attack against it. The LDAP request does not need to be authenticated. The possibility of exploiting this vulnerability to execute arbitrary code on a vulnerable server has not been proved but is not discarded.
Active Directory, which is an essential component of the Windows 2000 architecture, presents organizations with a directory service designed for distributed computing environments. Active Directory allows organizations to centrally manage and share information on network resources and users while acting as the central authority for network security. The directory services provided by Active Directory are based on the Lightweight Directory Access Protocol (LDAP) and thus Active Directory objects can be stored and retrieved using the LDAP protocol. A vulnerability in Active Directory allows an attacker to crash and force a reboot of any Windows 2000 Server running the Active Directory service. The vulnerability can be triggered when an LDAP version 3 search request with more than 1000 "AND" statements is sent to the server, resulting in a stack overflow and subsequent crash of the Lsaas.exe service. This in turn, will force a domain controller to stop responding, thus making possible a denial of service attack against it. The LDAP request does not need to be authenticated. The possibility of exploiting this vulnerability to execute arbitrary code on a vulnerable server has not been proved but is not discarded.
Subscribe to Denial of Service