Oval Definition:	oval:org.mitre.oval:def:5965
Revision Date: 2009-10-19 Version: 21 Title: TCP/IP Orphaned Connections Vulnerability Description: Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability." Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2009-1926 Platform(s): Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Product(s): Definition Synopsis Windows 2000 SP4 Microsoft Windows 2000 SP4 or later is installed OR Windows XP SP2/SP3 Microsoft Windows XP (x86) SP2 is installed OR Microsoft Windows XP (x86) SP3 is installed OR Microsoft Windows XP x64 Edition SP2 is installed OR Windows Server 2003 X86/X64/IA64 SP2 OS section Microsoft Windows Server 2003 SP2 (x86) is installed OR Microsoft Windows Server 2003 SP2 (x64) is installed OR Microsoft Windows Server 2003 (ia64) SP2 is installed AND vulnerable version the version of Tcpip.sys is less than 5.2.3790.4573 OR The version of Tcpip6.sys is less than 5.2.3790.4573 OR Windows Vista x86/x64 OS section Microsoft Windows Vista (32-bit) is installed OR Microsoft Windows Vista x64 Edition is installed AND The version of Tcpip.sys is less than 6.0.6000.16908 AND the version of Tcpip.sys is greater than or equal 6.0.6000.16000 OR Windows Vista x86/x64 SP1, Windows Server 2008 x86/x64/ia64 OS section Microsoft Windows Vista (32-bit) Service Pack 1 is installed OR Microsoft Windows Vista x64 Edition Service Pack 1 is installed OR Microsoft Windows Server 2008 (32-bit) is installed OR Microsoft Windows Server 2008 (64-bit) is installed OR Microsoft Windows Server 2008 (ia-64) is installed AND The version of Tcpip.sys is less than 6.0.6001.18311 AND the version of Tcpip.sys is greater than or equal 6.0.6001.18000 OR Windows Vista x86/x64 SP2, Windows Server 2008 x86/x64/ia64 SP2 OS section Microsoft Windows Vista (32-bit) Service Pack 2 is installed OR Microsoft Windows Vista x64 Edition Service Pack 2 is installed OR Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed OR Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed OR Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND The version of Tcpip.sys is less than 6.0.6002.18091 AND the version of Tcpip.sys is greater than or equal 6.0.6002.18000 OR Windows Vista x86/x64 OS section Microsoft Windows Vista (32-bit) is installed OR Microsoft Windows Vista x64 Edition is installed AND The version of Tcpip.sys is less than 6.0.6000.21108 AND the version of Tcpip.sys is greater than or equal 6.0.6000.20000 OR Windows Vista x86/x64 SP1, Windows Server 2008 x86/x64/ia64 OS section Microsoft Windows Vista (32-bit) Service Pack 1 is installed OR Microsoft Windows Vista x64 Edition Service Pack 1 is installed OR Microsoft Windows Server 2008 (32-bit) is installed OR Microsoft Windows Server 2008 (64-bit) is installed OR Microsoft Windows Server 2008 (ia-64) is installed AND The version of Tcpip.sys is less than 6.0.6001.22497 AND the version of Tcpip.sys is greater than or equal 6.0.6001.22000 OR Windows Vista x86/x64 SP2, Windows Server 2008 x86/x64/ia64 SP2 OS section Microsoft Windows Vista (32-bit) Service Pack 2 is installed OR Microsoft Windows Vista x64 Edition Service Pack 2 is installed OR Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed OR Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed OR Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND The version of Tcpip.sys is less than 6.0.6002.22200 AND the version of Tcpip.sys is greater than or equal 6.0.6002.22000
BACK