Security Database IT Watching - Alert Detail

SECURITY DATABASE

SDCON :

(High)

INTERNAL RELATED (Quick)

Related
MS09-048	(Critical)
VU#723308	(High)
cisco-sa-20090908-...	(High)
SUN-267088	(High)

OTHER

Report an error

OPEN STANDARDS

VENDOR DATABASE

INFORMATION

Name	:	CVE-2008-4609	First Publication	:	2008-10-20
Severity	:	High	Last Modification	:	2009-11-24

SCORING CVSS v2

Cvss Base Score	:	7.1	Attack Range	:	Network
Cvss Impact Score	:	6.9	Attack Complexity	:	Medium
Cvss Expoit Score	:	8.6	Authentification	:	None Required
Calculate full CVSS 2.0 Vectors scores

DETAIL

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.Please see also:
http://blog.robertlee.name/2008/10/more-detailed-response-to-gordons-post.html

and

http://www.curbrisk.com/security-blog/robert-e-lee-discusses-tcp-denial-service-vulnerability-sc-magazine.html

CWE COMMON WEAKNESS ENUMERATION

Weakness : CWE-16 - Configuration (From NVD)

OVALID

oval:org.mitre.oval:def:6340, TCP/IP Zero Window Size Vulnerability

oval:org.mitre.oval:def:229, Microsoft Windows 2000 SP4 or later is installed

oval:org.mitre.oval:def:1442, Microsoft Windows Server 2003 (ia64) SP2 is installed

oval:org.mitre.oval:def:2161, Microsoft Windows Server 2003 SP2 (x64) is installed

oval:org.mitre.oval:def:1935, Microsoft Windows Server 2003 SP2 (x86) is installed

oval:org.mitre.oval:def:4870, Microsoft Windows Server 2008 (32-bit) is installed

oval:org.mitre.oval:def:5653, Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed

oval:org.mitre.oval:def:5667, Microsoft Windows Server 2008 Itanium-Based Edition is installed

oval:org.mitre.oval:def:6150, Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed

oval:org.mitre.oval:def:5356, Microsoft Windows Server 2008 x64 Edition is installed

oval:org.mitre.oval:def:6216, Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed

oval:org.mitre.oval:def:1282, Microsoft Windows Vista (32-bit) is installed

oval:org.mitre.oval:def:4873, Microsoft Windows Vista (32-bit) Service Pack 1 is installed

oval:org.mitre.oval:def:6124, Microsoft Windows Vista (32-bit) Service Pack 2 is installed

oval:org.mitre.oval:def:2041, Microsoft Windows Vista x64 Edition is installed

oval:org.mitre.oval:def:5254, Microsoft Windows Vista x64 Edition Service Pack 1 is installed

oval:org.mitre.oval:def:5594, Microsoft Windows Vista x64 Edition Service Pack 2 is installed

oval:org.mitre.oval:def:754, Microsoft Windows XP (x86) SP2 is installed

oval:org.mitre.oval:def:5631, Microsoft Windows XP (x86) SP3 is installed

oval:org.mitre.oval:def:4193, Microsoft Windows XP x64 Edition SP2 is installed

CPE COMMON PLATFORM ENUMERATION (from Oval)

CPE COMMON PLATFORM ENUMERATION (from NVD)

OPEN SOURCE VULNERABILTY DATABASE (OSVDB)

50286 : Cisco TCP/IP Implementation Queue Connection Saturation TCP State Table Remote DoS.

57795 : Microsoft Windows TCP/IP Implementation Queue Connection Saturation TCP State Table Remote DoS.

57793 : Multiple Linux TCP/IP Implementation Queue Connection Saturation TCP State Table Remote DoS.

57794 : Multiple BSD TCP/IP Implementation Queue Connection Saturation TCP State Table Remote DoS.

57993 : Solaris TCP/IP Implementation Queue Connection Saturation TCP State Table Remote DoS.

58189 : Yamaha RT Series Routers TCP/IP Implementation Queue Connection Saturation TCP State Table Remote DoS.

58321 : Check Point Multiple Products TCP/IP Implementation Queue Connection Saturation TCP State Table Remote DoS.

58614 : McAfee Email and Web Security Appliance TCP/IP Implementation Queue Connection Saturation TCP State Table Remote DoS.

59482 : Blue Coat Multiple Products TCP/IP Implementation Queue Connection Saturation TCP State Table Remote DoS.

61133 : Citrix Multiple Products TCP/IP Implementation Queue Connection Saturation TCP State Table Remote DoS .

62144 : F5 Multiple Products TCP/IP Implementation Queue Connection Saturation TCP State Table Remote DoS .

SECONDARY(S) SOURCE(S)

Source : CERT
Url : http://www.us-cert.gov/cas/techalerts/TA09-251A.html

Source : CISCO
Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml
Url : http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html

Source : HP
Url : http://marc.info/?l=bugtraq&m=125856010926699&w=2

Source : MISC
Url : http://blog.robertlee.name/2008/10/conjecture-speculation.html
Url : http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked
Url : http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf
Url : http://www.outpost24.com/news/news-2008-10-02.html
Url : https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html

Source : MLIST
Url : http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html

Source : MS
Url : http://www.microsoft.com/technet/security/Bulletin/MS09-048.mspx