CVE-2004-0899
First published: Wed Dec 15 2004(Updated: )
The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition, with DHCP logging enabled, does not properly validate the length of certain messages, which allows remote attackers to cause a denial of service (application crash) via a malformed DHCP message, aka "Logging Vulnerability."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows NT | =4.0 | |
| Microsoft Windows NT | =4.0-sp4 | |
| Microsoft Windows NT | =4.0-sp3 | |
| Microsoft Windows NT | =4.0-sp2 | |
| Microsoft Windows NT | =4.0 | |
| Microsoft Windows NT | =4.0-sp5 | |
| Microsoft Windows NT | =4.0-sp6 | |
| Microsoft Windows NT | =4.0 | |
| Microsoft Windows NT | =4.0-sp1 | |
| Microsoft Windows NT | =4.0 | |
| Microsoft Windows NT | =4.0-sp3 | |
| Microsoft Windows NT | =4.0-sp6 | |
| Microsoft Windows NT | =4.0-sp6 | |
| Microsoft Windows NT | =4.0-sp4 | |
| Microsoft Windows NT | =4.0-sp6a | |
| Microsoft Windows NT | =4.0-sp1 | |
| Microsoft Windows NT | =4.0-sp5 | |
| Microsoft Windows NT | =4.0-sp2 | |
| Microsoft Windows NT | =4.0-sp1 | |
| Microsoft Windows NT | =4.0-sp4 | |
| Microsoft Windows NT | =4.0-sp6 | |
| Microsoft Windows NT | =4.0-sp3 | |
| Microsoft Windows NT | =4.0 | |
| Microsoft Windows NT | =4.0-sp4 | |
| Microsoft Windows NT | =4.0-sp6a | |
| Microsoft Windows NT | =4.0-sp6a | |
| Microsoft Windows NT | =4.0 | |
| Microsoft Windows NT | =4.0-sp4 | |
| Microsoft Windows NT | =4.0-sp6 | |
| Microsoft Windows NT | =4.0-sp2 | |
| Microsoft Windows NT | =4.0-sp1 | |
| Microsoft Windows NT | =4.0-sp1 | |
| Microsoft Windows NT | =4.0-sp2 | |
| Microsoft Windows NT | =4.0-sp5 | |
| Microsoft Windows NT | =4.0-sp6a | |
| Microsoft Windows NT | =4.0-sp3 | |
| Microsoft Windows NT | =4.0-sp3 | |
| Microsoft Windows NT | =4.0-sp5 | |
| Microsoft Windows NT | =4.0-sp5 | |
| Microsoft Windows NT | =4.0-sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18341
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4282
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2280
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-042
Frequently Asked Questions
What is the severity of CVE-2004-0899?
The severity of CVE-2004-0899 is rated as medium, indicating a potential for denial of service due to malformed DHCP messages.
How do I fix CVE-2004-0899?
To fix CVE-2004-0899, it is recommended to disable DHCP logging or apply relevant patches provided by Microsoft for affected Windows NT 4.0 versions.
Who is affected by CVE-2004-0899?
CVE-2004-0899 affects Microsoft Windows NT 4.0 Server and Terminal Server Edition when DHCP logging is enabled.
What is the impact of CVE-2004-0899?
The impact of CVE-2004-0899 can lead to a denial of service where the DHCP server application may crash upon receiving malformed messages.
Is there a known exploit for CVE-2004-0899?
Yes, there are known exploits that demonstrate how attackers can leverage CVE-2004-0899 to cause a denial of service.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/microsoft
- product/windows nt
- canonical/microsoft windows nt
- version/microsoft windows nt/4.0
- version/microsoft windows nt/4.0-sp1
- version/microsoft windows nt/4.0-sp2
- version/microsoft windows nt/4.0-sp3
- version/microsoft windows nt/4.0-sp4
- version/microsoft windows nt/4.0-sp5
- version/microsoft windows nt/4.0-sp6
- version/microsoft windows nt/4.0-sp6a