Vulnerability CVE-2008-4609


Published: 2008-10-20   Modified: 2012-02-12

Description:
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.

Type:

CWE-noinfo

Vendor: Openbsd
Product: Openbsd
Version: current; 4.3; 4.2; 4.1; 4.0; 3.9; 3.8; 3.7; 3.6; 3.5; 3.4; 3.3; 3.2; 3.1;
See more versions on NVD
Vendor: Netbsd
Product: Netbsd
Version: current; 4.0; 3.99.15; 3.1;
See more versions on NVD
Vendor: Cisco
Product: IOS
Version: 9.14; 9.1; 9.0; 8.3; 8.2; 7000; 4.1.2; 4.1.1; 4.1;
See more versions on NVD
Vendor: Freebsd
Product: Freebsd
Version: 7.1; 7.0_releng; 7.0_beta4; 7.0; 6.3_releng; 6.3; 6.2_releng; 6.2; 6.1; 6.0_p5_release; 6.0; 5.5_stable; 5.5_release; 5.5; 5.4; 5.3; 5.2.1; 5.2; 5.1; 5.0; 4.9_prerelease; 4.9; 4.8_prerelease; 4.8; 4.7; 4.6.2; 4.6.1; 4.6; 4.5; 4.4; 4.3; 4.2; 4.11_release; 4.11_p20_release; 4.11; 4.10_prerelease; 4.10; 4.1.1; 4.0; 3.5.1; 3.5; 3.4; 3.3; 3.2; 3.1;
See more versions on NVD
Vendor: Microsoft
Product: Windows mobile
Version: 6.0; 5.0;
Product: Windows ce
Version: 5.2.318; 5.1.1700; 5.0; 4.21.1088; 4.20.1081; 4.2; 4.1; 4.0;
See more versions on NVD
Product: Windows nt
Version: 4.0; 3.5.1; 3.5; 3.1;
See more versions on NVD
Vendor: BSD
Product: BSD
Version: 4.4; 4.3; 4.2; 4.1;
See more versions on NVD
Vendor: BSDI
Product: Bsd os
Version: 4.2; 4.1; 4.0.1; 4.0; 3.2; 3.1;
See more versions on NVD
Vendor: Linux
Product: Linux kernel 
Version: 390; 3.25;

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:C)

CVSS Base Score: 7.1/10
Impact Subscore: 6.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

References:
http://blog.robertlee.name/2008/10/conjecture-speculation.html
http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html
http://marc.info/?l=bugtraq&m=125856010926699&w=2
http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml
http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html
http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
http://www.outpost24.com/news/news-2008-10-02.html
http://www.us-cert.gov/cas/techalerts/TA09-251A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6340
https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html

Related CVE
CVE-2019-6974
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
CVE-2016-10741
In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of ...
CVE-2017-18360
In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates.
CVE-2018-16880
A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory co...
CVE-2019-3819
A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up...
CVE-2019-5489
The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this af...
CVE-2019-3701
An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. Because of a missing check, the CAN driver...
CVE-2018-16885
A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in certain cases causing a memory access fault...

Copyright 2019, cxsecurity.com
