Windows client UDP exhaustion denial of service

Systems affected:
Windows 2000 Prof, Windows 98 probably other Windowses

Risk: Low
Date: 6 February 2001

Legal Notice:
This Advisory is Copyright (c) 2001 Georgi Guninski. You may distribute it unmodified. 
You may not modify it and distribute it or distribute parts of it without the author's 
written permission.

Disclaimer:
The opinions expressed in this advisory and program are my own and not of any company.
The usual standard disclaimer applies, especially the fact that Georgi Guninski
is not liable for any damages caused by direct or  indirect use of the information 
or functionality provided by this advisory or program.
Georgi Guninski bears no responsibility for content or misuse of this advisory or program or 
any derivatives thereof.
 

Description:
It is possible a web page or email message to consume all the usable client UDP sockets on the
computer running Windows. This leads to stopping client DNS resolution on Windows 2000 professional
and stopping all new TCP connections on Windows 98. After closing the malicous application normal
function of the system is restored though several machines spontaneously rebooted.
It is interesting to note that Linux is not affected to this vulnerability as far as I tested.
 

Details:
This exploit uses java. The idea is quite simple - create as much UDP sockets (java.net.DatagramSocket)
as possible. Other processes are prevented from creating new UDP sockets.
The java code is:
---------------------------------------------------------------------------
for(i=0;i<m;i++)
{

try { DatagramSocket d = new DatagramSocket();v.addElement(d);}
catch (Exception e) {System.out.println("Exhausted, i="+i);}
}
---------------------------------------------------------------------------

Demonstration:
http://www.guninski.com/winudpdos.html

Vendor status:
Microsoft was informed on 2 February 2001