Vulnerability CVE-2008-4609


Published: 2008-10-20   Modified: 2012-02-12

Description:
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.

Type: CWE-noinfo

Vendor: Openbsd
Product: Openbsd 
Version:
current
4.3
4.2
4.1
4.0
3.9
3.8
3.7
3.6
3.5
3.4
3.3
3.2
3.1
See more versions on NVD
Vendor: Netbsd
Product: Netbsd 
Version:
current
4.0
3.99.15
3.1
See more versions on NVD
Vendor: Cisco
Product: IOS 
Version:
9.14
9.1
9.0
8.3
8.2
7000
4.1.2
4.1.1
4.1
See more versions on NVD
Vendor: Freebsd
Product: Freebsd 
Version:
7.1
7.0_releng
7.0_beta4
7.0
6.3_releng
6.3
6.2_releng
6.2
6.1
6.0_p5_release
6.0
5.5_stable
5.5_release
5.5
5.4
5.3
5.2.1
5.2
5.1
5.0
4.9_prerelease
4.9
4.8_prerelease
4.8
4.7
4.6.2
4.6.1
4.6
4.5
4.4
4.3
4.2
4.11_release
4.11_p20_release
4.11
4.10_prerelease
4.10
4.1.1
4.0
3.5.1
3.5
3.4
3.3
3.2
3.1
See more versions on NVD
Vendor: Microsoft
Product: Windows mobile 
Version: 6.0; 5.0;
Product: Windows ce 
Version:
5.2.318
5.1.1700
5.0
4.21.1088
4.20.1081
4.2
4.1
4.0
See more versions on NVD
Product: Windows nt 
Version:
4.0
3.5.1
3.5
3.1
See more versions on NVD
Vendor: BSD
Product: BSD 
Version:
4.4
4.3
4.2
4.1
See more versions on NVD
Vendor: BSDI
Product: Bsd os 
Version:
4.2
4.1
4.0.1
4.0
3.2
3.1
See more versions on NVD
Vendor: Linux
Product: Linux kernel 
Version: 390; 3.25;

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:C)

CVSS Base Score: 7.1/10
Impact Subscore: 6.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

References:
http://blog.robertlee.name/2008/10/conjecture-speculation.html
http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html
http://marc.info/?l=bugtraq&m=125856010926699&w=2
http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml
http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html
http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
http://www.outpost24.com/news/news-2008-10-02.html
http://www.us-cert.gov/cas/techalerts/TA09-251A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6340
https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html

Related CVE
CVE-2019-11191
The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aou...
CVE-2019-11190
The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition wh...
CVE-2019-3460
A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.
CVE-2019-3459
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
CVE-2019-3837
It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabl...
CVE-2019-3887
A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Register (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled....
CVE-2018-20449
The hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "callback=" lines in a debugfs file.
CVE-2019-8956
In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory.

Copyright 2019, cxsecurity.com