Vulnerability Name: | CVE-2005-0065 (CCN-17170)
Assigned: | 2004-09-01
Published: | 2004-09-01
Updated: | 2008-09-05
Summary: | The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged (aka "TCP sequence number checking"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged "Destination Unreachable" messages, (2) blind throughput-reduction attacks with forged "Source Quench" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. Note: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Vulnerability Type: | CWE-Other
Vulnerability Consequences: | Denial of Service
References: |
Source: CCN Type: BugTraq Mailing List, Thu May 26 2005 - 12:08:50 CDT [security bulletin] SSRT4884 rev.0 - HP-UX TCP/IP Remote Denial of Service (DoS)
Source: MITRE Type: CNA CVE-2004-0790
Source: MITRE Type: CNA CVE-2005-0065
Source: MITRE Type: CNA CVE-2005-0066
Source: MITRE Type: CNA CVE-2005-0067
Source: MITRE Type: CNA CVE-2005-0068
Source: CCN Type: BlueCoat Download Web page ProxySG Secure Proxy Appliance
Source: CCN Type: NetApp Web site NetApp On the Web
Source: CCN Type: SA18317 SCO OpenServer ICMP Message Handling Denial of Service
Source: CCN Type: SA22341 Microsoft Windows Multiple IPv6 Denial of Service Vulnerabilities
Source: CCN Type: ASA-2006-217 Windows Security Updates for October 2006 - (MS06-056 - MS06-065)
Source: CCN Type: Blue Coat Security Advisory July 19, 2005 Security Advisory: ICMP Error Message Vulnerabilities
Source: CCN Type: CIAC INFORMATION BULLETIN P-177 Vulnerabilities in TCP-IP (893066)
Source: CCN Type: CIAC INFORMATION BULLETIN P-181 Cisco Products Vulnerable to DoS via Crafted ICMP Messages
Source: CCN Type: Cisco Web site Cisco IP Phone 7970G Release Notes for Firmware Release 6.0(1) SR1 for Cisco CallManager Versions 3.3 and 4.0
Source: CCN Type: Cisco Security Advisory 2005 April 12 1200 UTC (GMT) Crafted ICMP Messages Can Cause Denial of Service
Source: CCN Type: Gont's Web site ICMP attacks against TCP
Source: MISC Type: UNKNOWN http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
Source: CCN Type: US-CERT VU#222750 TCP/IP implementations do not adequately validate ICMP error messages
Source: CCN Type: Microsoft Security Bulletin MS05-019 Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066)
Source: CCN Type: Microsoft Security Bulletin MS06-032 Vulnerability in TCP/IP Could Allow Remote Code Execution (917953)
Source: CCN Type: Microsoft Security Bulletin MS06-064 Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service (922819)
Source: CCN Type: Microsoft Security Bulletin MS08-001 Vulnerabilities in TCP/IP Could Allow Remote Code Execution (941644)
Source: CCN Type: Microsoft Security Bulletin MS08-004 Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456)
Source: CCN Type: OpenBSD 3.4 errata Web site 027: RELIABILITY FIX: August 25, 2004
Source: CCN Type: OSVDB ID: 15620 Multiple Vendor TCP Implementation Malformed Sequence Number Range Issue
Source: CCN Type: OSVDB ID: 15621 Multiple Vendor TCP Implementation Acknowledgement Number Checking Issue
Source: CCN Type: OSVDB ID: 15622 Multiple Vendor TCP Implementation Port Randomization Weakness
Source: CCN Type: OSVDB ID: 15623 Multiple Vendor ICMP Implementation Host-generated ICMP Error Message Authentication Weakness
Source: BID Type: UNKNOWN 13124
Source: CCN Type: BID-13124 Multiple Vendor TCP/IP Implementation ICMP Remote Denial Of Service Vulnerabilities
Source: CCN Type: Hewlett-Packard Company Web site IT Resource Center - login / register
Source: CCN Type: Internet-Draft of ICMP attacks ICMP attacks against TCP draft-gont-tcpm-icmp-attacks-03.txt
Source: XF Type: UNKNOWN icmp-protocol-unreachable-tcp(17170)
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable