CVE-1999-0815

MEDIUM 5.0 / 10.0
Published: December 31, 1999 at 05:00 AM
Modified: April 3, 2025 at 01:03 AM
Source: cve@mitre.org

Vulnerability Description

Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries.

CVSS Metrics

Base Score: 5.0
Severity: MEDIUM
Vector String: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses (CWE)

NVD-CWE-Other
Source: nvd@nist.gov

AI Security Analysis

01 // Technical Summary

Windows NT 4.0 systems are vulnerable to a denial-of-service (DoS) attack due to a memory leak in the SNMP agent. Attackers can remotely exhaust system resources by sending a large volume of SNMP queries, leading to system instability and potential service outages.

02 // Vulnerability Mechanism

Step 1: Target Identification: The attacker identifies Windows NT 4.0 systems with the SNMP service enabled, typically by port scanning (UDP port 161).
Step 2: Query Generation: The attacker crafts a large number of SNMP queries. These queries can be valid or invalid, as the vulnerability lies in the memory allocation and deallocation process, not the query content itself.
Step 3: Query Transmission: The attacker sends the crafted SNMP queries to the target system via UDP port 161.
Step 4: Memory Allocation: The SNMP agent receives and processes each query, allocating memory to handle the request.
Step 5: Memory Leak: The SNMP agent fails to release the allocated memory after processing each query.
Step 6: Resource Exhaustion: The attacker continues sending queries, causing the memory usage to steadily increase.
Step 7: Denial of Service: As the system runs out of available memory, it becomes unstable, leading to performance degradation, application crashes, and ultimately, a denial-of-service condition.

03 // Deep Technical Analysis

The vulnerability stems from a memory leak within the Simple Network Management Protocol (SNMP) agent in Windows NT 4.0. The agent fails to properly release allocated memory after processing SNMP queries. Specifically, when handling a large number of SNMP requests, the agent repeatedly allocates memory for processing each query but does not free it after completion. This leads to a gradual consumption of system memory. Over time, the accumulated memory usage grows linearly with the number of queries. Eventually, the system exhausts available memory, leading to performance degradation, application crashes, and ultimately, a denial-of-service condition.
