Vulnerability CVE-2005-0356


Published: 2005-05-31   Modified: 2012-02-12

Description:
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.

Type:

CWE-Other

Vendor: Microsoft
Product: Windows 2003 server 
Version:
web
standard_64-bit
standard
r2
enterprise_64-bit
enterprise
See more versions on NVD
Vendor: Nortel
Product: Universal signaling point 
Version: compact_lite; 5200;
Product: Callpilot 
Version: 703t; 702t;
Product: Business communications manager 
Version: 400;
Vendor: Alaxala
Product: Alaxala networks 
Version:
ax7800s
ax7800r
ax5400s
See more versions on NVD
Vendor: Hitachi
Product: Alaxala 
Version: ax;
Vendor: F5
Product: TMOS 
Version:
9.0.5
9.0.4
9.0.3
9.0.2
9.0.1
9.0
4.6.2
4.6
4.5.9
4.5.6
4.5.12
4.5.11
4.5.10
4.5
4.4
4.3
4.2
4.0
See more versions on NVD
Product: Big-ip 
Version:
9.0.5
9.0.4
9.0.3
9.0.2
9.0.1
9.0
4.6.2
4.6
4.5.9
4.5.6
4.5.12
4.5.11
4.5.10
4.5
4.4
4.3
4.2
4.0
See more versions on NVD
Vendor: Cisco
Product: Webns 
Version:
7.30_(00.09)s
7.30_(00.08)s
7.20_(03.10)s
7.20_(03.09)s
7.10_(05.07)s
See more versions on NVD
Product: Content services switch 11500 
Version:
7.30_(00.09)s
7.30_(00.08)s
7.20_(03.10)s
7.20_(03.09)s
7.10_(05.07)s
See more versions on NVD
Product: Ciscoworks cd1 
Version:
5th
4th
3rd
See more versions on NVD
Product: Intelligent contact manager 
Version: 5.0;
Product: Call manager 
Version: 4.0; 3.3(3);
Product: Unity server 
Version: 4.0;
Product: Sn 5428 storage router 
Version: 3.3.2-k9; 3.3.1-k9;
Product: Secure access control server solution engine 
Version: 3.3.2; 3.3.1;
Product: Secure access control server 
Version: 3.3.2; 3.3.1;
Vendor: Freebsd
Product: Freebsd 
Version:
5.4
5.3
5.2.1
5.2
5.1
5.0
4.9
4.8
4.7
4.6.2
4.6
4.5
4.4
4.3
4.2
4.11
4.10
4.1.1
4.0
3.5.1
3.5
3.4
See more versions on NVD
Vendor: Openbsd
Product: Openbsd 
Version:
3.6
3.5
3.4
See more versions on NVD

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt
http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm
http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml
http://www.kb.cert.org/vuls/id/637934
http://www.securityfocus.com/bid/13676
https://exchange.xforce.ibmcloud.com/vulnerabilities/20635

Related CVE
CVE-2019-6110
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transfe...
CVE-2019-6109
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes t...
CVE-2018-20685
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
CVE-2018-15919
Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not w...
CVE-2018-15473
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-...
CVE-2018-14775
tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3 has a Local Denial of Service (system crash) due to incorrect I/O port access control on the i386 architecture.
CVE-2018-12438
The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the loc...
CVE-2018-12437
LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual mac...

Copyright 2019, cxsecurity.com

 

Back to Top