| Vulnerability Name: | CCN-464 | ||||||
| Published: | 1996-02-01 | ||||||
| Updated: | 1996-02-01 | ||||||
| Summary: | Denial of service attacks can occur when a connection is made between two UDP services. The chargen (port 19) and echo (port 7) services can be spoofed into sending data from one service to another. This action causes an infinite loop and creates a denial of service attack. The attack can consume increasing amounts of network bandwidth, causing loss of performance or a total shutdown of the affected network segments. This attack can effectively disable your Unix server by causing it to spend all its time processing packets that it has echoed back to itself. | ||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||
| CVSS v2 Severity: | 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||
| Vulnerability Consequences: | Denial of Service | ||||||
| References: | Source: CCN Type: Caldera International, Inc. Security Advisory SA-1997.33 Vulnerabilities in "inetd" in netkit-base-0.10-1 Source: CCN Type: BugTraq Mailing List, Wed, 21 Oct 1998 12:00:36 -0400 Re: Alert: IE 4.0 Security Zone compromise Source: CCN Type: Cisco Systems White Paper Defining Strategies to Protect Against UDP Diagnostic Port Denial of Service Attacks Source: CCN Type: Novell Technical Information Document #2946023 TCPIP blocking ports (7, 9, 19, etc) Source: CCN Type: CERT Advisory CA-1996-01 UDP Port Denial-of-Service Attack Source: XF Type: UNKNOWN udp-dos(464) Source: CCN Type: Microsoft Knowledge Base Article 154460 Denial of Service Attack Against WinNT Simple TCP/IP Services | ||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
| BACK | |||||||