Vulnerability CVE-2005-0356


Published: 2005-05-31   Modified: 2012-02-12

Description:
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Yamaha -> Rt105 
Yamaha -> Rt250i 
Yamaha -> Rt300i 
Yamaha -> Rt57i 
Yamaha -> Rtv700 
Yamaha -> Rtx1000 
Yamaha -> Rtx1100 
Yamaha -> Rtx1500 
Yamaha -> Rtx2000 
Openbsd -> Openbsd 
Nortel -> Optical metro 5000 
Nortel -> Optical metro 5100 
Nortel -> Optical metro 5200 
Nortel -> Succession communication server 1000 
Nortel -> Survivable remote gateway 
Nortel -> Universal signaling point 
Nortel -> Business communications manager 
Nortel -> Callpilot 
Nortel -> Contact center 
Nortel -> 7220 wlan access point 
Nortel -> 7250 wlan access point 
Nortel -> Ethernet routing switch 1612 
Nortel -> Ethernet routing switch 1624 
Nortel -> Ethernet routing switch 1648 
Microsoft -> Windows 2000 
Microsoft -> Windows 2003 server 
Microsoft -> Windows xp 
Hitachi -> Alaxala 
Hitachi -> Gr3000 
Hitachi -> Gr4000 
Hitachi -> Gs4000 
Freebsd -> Freebsd 
F5 -> Big-ip 
F5 -> TMOS 
Cisco -> Remote monitoring suite option 
Cisco -> Content services switch 11150 
Cisco -> Ciscoworks 1105 wireless lan solution engine 
Cisco -> Agent desktop 
Cisco -> Secure access control server 
Cisco -> Content services switch 11500 
Cisco -> Ciscoworks cd1 
Cisco -> Ciscoworks access control list manager 
Cisco -> Secure access control server solution engine 
Cisco -> Content services switch 11501 
Cisco -> Ciscoworks windows wug 
Cisco -> Ciscoworks common management foundation 
Cisco -> Support tools 
Cisco -> Content services switch 11503 
Cisco -> Conference connection 
Cisco -> Ciscoworks common services 
Cisco -> Web collaboration option 
Cisco -> Content services switch 11506 
Cisco -> Mgx 8230 
Cisco -> Ciscoworks lms 
Cisco -> Content services switch 11800 
Cisco -> Mgx 8250 
Cisco -> Ciscoworks vpn security management solution 
Cisco -> Sn 5420 storage router 
Cisco -> Sn 5428 storage router 
Cisco -> Ciscoworks windows 
Cisco -> Unity server 
Cisco -> E-mail manager 
Cisco -> Emergency responder 
Cisco -> Intelligent contact manager 
Cisco -> Interactive voice response 
Cisco -> Aironet ap1200 
Cisco -> Ip contact center enterprise 
Cisco -> Aironet ap350 
Cisco -> Webns 
Cisco -> Ip contact center express 
Cisco -> Call manager 
Cisco -> Sn 5420 storage router firmware 
Cisco -> Meetingplace 
Cisco -> Content services switch 11000 
Cisco -> Personal assistant 
Cisco -> Content services switch 11050 
Cisco -> Ciscoworks 1105 hosting solution engine 
Alaxala -> Alaxala networks 

 References:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt
http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm
http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml
http://www.kb.cert.org/vuls/id/637934
http://www.securityfocus.com/bid/13676
https://exchange.xforce.ibmcloud.com/vulnerabilities/20635

Copyright 2024, cxsecurity.com

 

Back to Top