Summary
The host is running TCP services and is prone to denial of service vulnerability.
Impact
Successful exploitation will allow remote attackers to guess sequence numbers and cause a denial of service to persistent TCP connections by repeatedly injecting a TCP RST packet.
Solution
Please see the referenced advisories for more information on obtaining and applying fixes.
Insight
The flaw is triggered when spoofed TCP Reset packets are received by the targeted TCP stack and will result in loss of availability for the attacked TCP services.
Affected
TCP/IP v4
Detection
A TCP Reset packet with a different sequence number is sent to the target. A previously open connection is then checked to see if the target closed it or not.
References
- http://www-01.ibm.com/support/docview.wss?uid=isg1IY55949
- http://www-01.ibm.com/support/docview.wss?uid=isg1IY55950
- http://www-01.ibm.com/support/docview.wss?uid=isg1IY62006
- http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-nonios.html
- http://www.microsoft.com/technet/security/Bulletin/MS05-019.mspx
- http://www.microsoft.com/technet/security/bulletin/ms06-064.mspx
- http://www.osvdb.org/4030
- http://www.us-cert.gov/cas/techalerts/TA04-111A.html
- http://xforce.iss.net/xforce/xfdb/15886
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2004-0230 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities