Vulnerability CVE-2005-0356


Published: 2005-05-31   Modified: 2012-02-12

Description:
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.

Type: CWE-Other

Vendor: Microsoft
Product: Windows 2003 server 
Version:
web
standard_64-bit
standard
r2
enterprise_64-bit
enterprise
Vendor: Nortel
Product: Universal signaling point 
Version: compact_lite; 5200;
Product: Callpilot 
Version: 703t; 702t;
Product: Business communications manager 
Version: 400;
Vendor: Alaxala
Product: Alaxala networks 
Version:
ax7800s
ax7800r
ax5400s
Vendor: Hitachi
Product: Alaxala 
Version: ax;
Vendor: F5
Product: TMOS 
Version:
9.0.5
9.0.4
9.0.3
9.0.2
9.0.1
9.0
4.6.2
4.6
4.5.9
4.5.6
4.5.12
4.5.11
4.5.10
4.5
4.4
4.3
4.2
4.0
Product: Big-ip 
Version:
9.0.5
9.0.4
9.0.3
9.0.2
9.0.1
9.0
4.6.2
4.6
4.5.9
4.5.6
4.5.12
4.5.11
4.5.10
4.5
4.4
4.3
4.2
4.0
Vendor: Cisco
Product: Webns 
Version:
7.30_(00.09)s
7.30_(00.08)s
7.20_(03.10)s
7.20_(03.09)s
7.10_(05.07)s
Product: Content services switch 11500 
Version:
7.30_(00.09)s
7.30_(00.08)s
7.20_(03.10)s
7.20_(03.09)s
7.10_(05.07)s
Product: Ciscoworks cd1 
Version:
5th
4th
3rd
Product: Intelligent contact manager 
Version: 5.0;
Product: Call manager 
Version: 4.0; 3.3(3);
Product: Unity server 
Version: 4.0;
Product: Sn 5428 storage router 
Version: 3.3.2-k9; 3.3.1-k9;
Product: Secure access control server solution engine 
Version: 3.3.2; 3.3.1;
Product: Secure access control server 
Version: 3.3.2; 3.3.1;
Vendor: FreeBSD
Product: FreeBSD
Version:
5.4
5.3
5.2.1
5.2
5.1
5.0
4.9
4.8
4.7
4.6.2
4.6
4.5
4.4
4.3
4.2
4.11
4.10
4.1.1
4.0
3.5.1
3.5
3.4
Vendor: OpenBSD
Product: OpenBSD
Version:
3.6
3.5
3.4

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

References:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt
http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm
http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml
http://www.kb.cert.org/vuls/id/637934
http://www.securityfocus.com/bid/13676
https://exchange.xforce.ibmcloud.com/vulnerabilities/20635


Copyright 2019, cxsecurity.com

 
