Vulnerability Name:

CVE-2004-0791 (CCN-17429)

Assigned:2004-08-17
Published:2005-04-12
Updated:2018-10-30
Summary:Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack."
Note: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: SCO
Type: UNKNOWN
SCOSA-2006.4

Source: CCN
Type: BugTraq Mailing List, Thu May 26 2005 - 12:08:50 CDT
[security bulletin] SSRT4884 rev.0 - HP-UX TCP/IP Remote Denial of Service (DoS)

Source: MITRE
Type: CNA
CVE-2004-0791

Source: HP
Type: UNKNOWN
SSRT4743

Source: CCN
Type: NetApp Web site
NetApp On the Web

Source: CCN
Type: RHSA-2005-016
kernel security update

Source: CCN
Type: RHSA-2005-017
kernel security update

Source: CCN
Type: RHSA-2005-043
kernel security update

Source: CCN
Type: SA18317
SCO OpenServer ICMP Message Handling Denial of Service

Source: SECUNIA
Type: UNKNOWN
18317

Source: SREASON
Type: UNKNOWN
19

Source: SREASON
Type: UNKNOWN
57

Source: SUNALERT
Type: UNKNOWN
101658

Source: SUNALERT
Type: Vendor Advisory
57746

Source: CCN
Type: CIAC INFORMATION BULLETIN P-181
Cisco Products Vulnerable to DoS via Crafted ICMP Messages

Source: CCN
Type: cisco-sa-20050412-icmp
Crafted ICMP Messages Can Cause Denial of Service

Source: MISC
Type: UNKNOWN
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html

Source: CCN
Type: NISCC Vulnerability Advisory 532967
Vulnerability Issues in ICMP packets with TCP payloads

Source: REDHAT
Type: UNKNOWN
RHSA-2005:016

Source: REDHAT
Type: UNKNOWN
RHSA-2005:017

Source: REDHAT
Type: UNKNOWN
RHSA-2005:043

Source: HP
Type: UNKNOWN
HPSBUX01164

Source: FEDORA
Type: UNKNOWN
FLSA:157459-1

Source: FEDORA
Type: UNKNOWN
FLSA:157459-2

Source: BID
Type: UNKNOWN
13124

Source: CCN
Type: BID-13124
Multiple Vendor TCP/IP Implementation ICMP Remote Denial Of Service Vulnerabilities

Source: MISC
Type: Vendor Advisory
http://www.uniras.gov.uk/niscc/docs/al-20050412-00308.html?lang=en

Source: MISC
Type: UNKNOWN
http://www.watersprings.org/pub/id/draft-gont-tcpm-icmp-attacks-03.txt

Source: CCN
Type: Hewlett-Packard Company Web site
IT Resource Center - login / register

Source: CCN
Type: Internet-Draft of ICMP attacks
ICMP attacks against TCP draft-gont-tcpm-icmp-attacks-03.txt

Source: XF
Type: UNKNOWN
tcp-ip-source-quench-dos(17429)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10228

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1112

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:184

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:464

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:596

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:688

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:726

Vulnerable Configuration:Configuration 1:
  • cpe:/o:sun:solaris:9.0:*:sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10.0:*:sparc:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.7:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.8:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:compaq:tru64:4.0f:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:4.0g:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.1a:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ip_phone_7960:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.00:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.11:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:windriver:vxworks:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ip_phone_7940:*:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:catalyst_6608:*:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:catalyst_6624:*:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xr:*:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:junos:-:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:184
    V
    		HP-UX 11.11 ICMP Source Quench Attack Vulnerability
    2014-03-24
    oval:org.mitre.oval:def:596
    V
    		HP-UX 11.11 or 11.23 ICMP Source Quench Attack Vulnerability
    2014-03-24
    oval:org.mitre.oval:def:688
    V
    		HP-UX 11.23 ICMP Source Quench Attack Vulnerability
    2014-03-10
    oval:org.mitre.oval:def:10228
    V
    		Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
    2013-04-29
    oval:org.mitre.oval:def:726
    V
    		HP-UX 11.00 ICMP Source Quench Attack Vulnerability
    2011-05-09
    oval:org.mitre.oval:def:464
    V
    		Solaris 8, 9, 10 ICMP Source Quench Attack Vulnerability
    2011-05-09
    oval:org.mitre.oval:def:1112
    V
    		HP-UX 11.04 ICMP Source Quench Attack Vulnerability
    2011-05-09
    oval:com.redhat.rhsa:def:20050043
    P
    		RHSA-2005:043: kernel security update (Important)
    2005-01-18
    BACK
    sun solaris 9.0
    sun solaris 10.0
    sun sunos 5.7
    sun sunos 5.8
    compaq tru64 4.0f
    compaq tru64 4.0g
    compaq tru64 5.1a
    cisco ip phone 7960 *
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    hp hp-ux b.11.00
    hp hp-ux b.11.11
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    windriver vxworks 5
    redhat enterprise linux 3
    hp hp-ux b.11.23
    cisco ip phone 7940 *
    cisco catalyst 6608 *
    cisco catalyst 6624 *
    cisco ios xr *
    juniper junos -
    redhat linux advanced workstation 2.1