Executive Summary

Summary
Title Sun Alert 267088 Multiple Security Vulnerabilities in Solaris TCP (see tcp(7P)) Implementation May Lead to a Denial of Service (DoS) Condition
Informations
Name SUN-267088 First vendor Publication 2009-09-09
Vendor Sun Last vendor Modification 2010-01-19
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.1 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Solaris 8, Solaris 9, Solaris 10, OpenSolaris

Multiple security vulnerabilities exist in the Solaris TCP (seetcp(7P)) implementation due to the lack of resource control mechanisms.These issues may allow a remote privileged user with real IP addressesor subnet to easily cause certain network services on the affectedsystem to become unresponsive, which is a type of Denial of Service(DoS). The extent of the impact depends on the network application.

These issues are also referenced in the following documents:

CERT-FI Advisory on the Outpost24 TCP Issues [FICORA #193744] at https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html

CVE CVE-2008-4609 at http://www.security-database.com/detail.php?cve=CVE-2008-4609

US-CERT VU#723308 at http://www.security-database.com/detail.php?vu=VU723308

Sun acknowledges with thanks, Jack C. Louis and Robert E. Lee ofOutpost24, and CERT-FI for bringing these issues to our attention.

State: Workaround
First released: 09-Sep-2009

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_267088_multiple_security

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-16 Configuration

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18890
 
Oval ID: oval:org.mitre.oval:def:18890
Title: CRITICAL PATCH UPDATE JULY 2012
Description: The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4609
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6340
 
Oval ID: oval:org.mitre.oval:def:6340
Title: TCP/IP Zero Window Size Vulnerability
Description: The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
Family: windows Class: vulnerability
Reference(s): CVE-2008-4609
Version: 1
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 5
Os 12
Os 1458
Os 5
Os 69
Os 423
Os 1
Os 1
Os 2
Os 2
Os 2
Os 1
Os 33
Os 25
Os 3
Os 1

OpenVAS Exploits

Date Description
2009-09-10 Name : Microsoft Windows TCP/IP Remote Code Execution Vulnerability (967723)
File : nvt/secpod_ms09-048.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
62144 F5 Multiple Products TCP/IP Implementation Queue Connection Saturation TCP St...

61133 Citrix Multiple Products TCP/IP Implementation Queue Connection Saturation TC...

59482 Blue Coat Multiple Products TCP/IP Implementation Queue Connection Saturation...

58614 McAfee Email and Web Security Appliance TCP/IP Implementation Queue Connectio...

58321 Check Point Multiple Products TCP/IP Implementation Queue Connection Saturati...

58189 Yamaha RT Series Routers TCP/IP Implementation Queue Connection Saturation TC...

57993 Solaris TCP/IP Implementation Queue Connection Saturation TCP State Table Rem...

57795 Microsoft Windows TCP/IP Implementation Queue Connection Saturation TCP State...

57794 Multiple BSD TCP/IP Implementation Queue Connection Saturation TCP State Tabl...

57793 Multiple Linux TCP/IP Implementation Queue Connection Saturation TCP State Ta...

50286 Cisco TCP/IP Implementation Queue Connection Saturation TCP State Table Remot...

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Windows TCP stack zero window size exploit attempt
RuleID : 16294 - Revision : 15 - Type : OS-WINDOWS
2014-01-10 TCP window closed before receiving data
RuleID : 15912 - Revision : 10 - Type : OS-WINDOWS

Nessus® Vulnerability Scanner

Date Description
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL10509.nasl - Type : ACT_GATHER_INFO
2010-09-01 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20090908-tcp24http.nasl - Type : ACT_GATHER_INFO
2009-09-08 Name : Multiple vulnerabilities in the Windows TCP/IP implementation could lead to d...
File : smb_nt_ms09-048.nasl - Type : ACT_GATHER_INFO