Vulnerability CVE-2008-4609


Published: 2008-10-20   Modified: 2012-02-12

Description:
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.

Type: CWE-noinfo

Vendor: Openbsd
Product: Openbsd
Version: current; 4.3; 4.2; 4.1; 4.0; 3.9; 3.8; 3.7; 3.6; 3.5; 3.4; 3.3; 3.2; 3.1
See more versions on NVD
Vendor: Netbsd
Product: Netbsd
Version: current; 4.0; 3.99.15; 3.1
See more versions on NVD
Vendor: Cisco
Product: IOS
Version: 9.14; 9.1; 9.0; 8.3; 8.2; 7000; 4.1.2; 4.1.1; 4.1
See more versions on NVD
Vendor: Freebsd
Product: Freebsd
Version: 7.1; 7.0_releng; 7.0_beta4; 7.0; 6.3_releng; 6.3; 6.2_releng; 6.2; 6.1; 6.0_p5_release; 6.0; 5.5_stable; 5.5_release; 5.5; 5.4; 5.3; 5.2.1; 5.2; 5.1; 5.0; 4.9_prerelease; 4.9; 4.8_prerelease; 4.8; 4.7; 4.6.2; 4.6.1; 4.6; 4.5; 4.4; 4.3; 4.2; 4.11_release; 4.11_p20_release; 4.11; 4.10_prerelease; 4.10; 4.1.1; 4.0; 3.5.1; 3.5; 3.4; 3.3; 3.2; 3.1
See more versions on NVD
Vendor: Microsoft
Product: Windows mobile
Version: 6.0; 5.0
Product: Windows ce
Version: 5.2.318; 5.1.1700; 5.0; 4.21.1088; 4.20.1081; 4.2; 4.1; 4.0
See more versions on NVD
Product: Windows nt
Version: 4.0; 3.5.1; 3.5; 3.1
See more versions on NVD
Vendor: BSD
Product: BSD
Version: 4.4; 4.3; 4.2; 4.1
See more versions on NVD
Vendor: BSDI
Product: Bsd os
Version: 4.2; 4.1; 4.0.1; 4.0; 3.2; 3.1
See more versions on NVD
Vendor: Linux
Product: Linux kernel
Version: 390; 3.25

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:C)

CVSS Base Score: 7.1/10
Impact Subscore: 6.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

References:
http://blog.robertlee.name/2008/10/conjecture-speculation.html
http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html
http://marc.info/?l=bugtraq&m=125856010926699&w=2
http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml
http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html
http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
http://www.outpost24.com/news/news-2008-10-02.html
http://www.us-cert.gov/cas/techalerts/TA09-251A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6340
https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html

Related CVE
CVE-2019-14763
In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with f_hid.
CVE-2018-20961
In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact.
CVE-2019-10142
A flaw was found in the Linux kernel's freescale hypervisor manager implementation, kernel versions 5.0.x up to, excluding 5.0.17. A parameter passed to an ioctl was incorrectly validated and used in size calculations for the page size calculation. A...
CVE-2018-16871
A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence....
CVE-2017-18379
In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c.
CVE-2016-10764
In the Linux kernel before 4.9.6, there is an off by one in the drivers/mtd/spi-nor/cadence-quadspi.c cqspi_setup_flash() function. There are CQSPI_MAX_CHIPSELECT elements in the ->f_pdata array so the ">" should be ">=" instead.
CVE-2015-9289
In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values suc...
CVE-2012-6712
In the Linux kernel before 3.4, a buffer overflow occurs in drivers/net/wireless/iwlwifi/iwl-agn-sta.c, which will cause at least memory corruption.

Copyright 2019, cxsecurity.com
