5 - CVE-2004-1060

Executive Summary

Informations
Name	CVE-2004-1060	First vendor Publication	2004-04-12
Vendor	Cve	Last vendor Modification	2018-10-19

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1060

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:181

Oval ID:	oval:org.mitre.oval:def:181
Title:	HP-UX 11.00 Path MTU Discovery Attack Vulnerability
Description:	Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2004-1060	Version:	6
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
700 Series or 800 Series OS Release 11.00 700 Series OS Release 11.00 700-series HP AND HP Release B.11.00 OR 800 Series OS Release 11.00 800-series HP AND HP Release B.11.00 AND NOT Patch PHNE_33395 is installed

Definition Id: oval:org.mitre.oval:def:196

Oval ID:	oval:org.mitre.oval:def:196
Title:	HP-UX 11.11 Path MTU Discovery Attack Vulnerability
Description:	Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2004-1060	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
700 Series or 800 Series OS Release 11.11 700 Series OS Release 11.11 700-series HP AND HP Release B.11.11 OR 800 Series OS Release 11.11 800-series HP AND HP Release B.11.11 AND NOT Patch PHNE_33159 is installed

Definition Id: oval:org.mitre.oval:def:2188

Oval ID:	oval:org.mitre.oval:def:2188
Title:	Win2k Path MTU Discovery Attack Vulnerability
Description:	Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-1060	Version:	5
Platform(s):	Microsoft Windows 2000	Product(s):
Definition Synopsis:
Software section Windows 2000 is installed AND Win2K/XP/2003 service pack 4 (or earlier) is installed AND the version of Tcpip.sys is less than 5.0.2195.7035 AND NOT the patch KB893066 is installed AND Configuration section NOT Enable Path MTU Discovery is Disabled

Definition Id: oval:org.mitre.oval:def:3826

Oval ID:	oval:org.mitre.oval:def:3826
Title:	WinXP Path MTU Discovery Attack Vulnerability
Description:	Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-1060	Version:	7
Platform(s):	Microsoft Windows XP	Product(s):
Definition Synopsis:
Software section Windows XP is installed AND 32-bit version of Windows or 64-bit (itanium architecture) version of Windows is installed 32-Bit version of Windows is installed AND a version of Windows for the ia64 architecture is installed AND Win2K/XP/2003 service pack 2 (or earlier) is installed AND A vulnerable version of tcpip.sys is installed. Service Pack 1 is installed and tcpip.sys is less than 5.1.2600.1693 Win2K/XP/2003/Vista service pack 1 is installed AND the version of Tcpip.sys is less than 5.1.2600.1693 OR Service Pack 2 is installed and tcpip.sys is less than 5.1.2600.2685 Win2K/XP/2003/Vista/2008 Service Pack 2 is installed AND the version of Tcpip.sys is less than 5.1.2600.2685 AND NOT the patch KB893066 is installed AND Configuration section NOT Enable Path MTU Discovery is Disabled

Definition Id: oval:org.mitre.oval:def:405

Oval ID:	oval:org.mitre.oval:def:405
Title:	HP-UX 11.23 Path MTU Discovery Attack Vulnerability
Description:	Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2004-1060	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
700 Series or 800 Series OS Release 11.23 700 Series OS Release 11.23 700-series HP AND HP Release B.11.23 OR 800 Series OS Release 11.23 800-series HP AND HP Release B.11.23 AND NOT Patch PHNE_32606 is installed

Definition Id: oval:org.mitre.oval:def:5386

Oval ID:	oval:org.mitre.oval:def:5386
Title:	Multiple Vendor ICMP Path MTU Discovery Connection Degradation DoS Vulnerability
Description:	Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Family:	ios	Class:	vulnerability
Reference(s):	CVE-2004-1060	Version:	1
Platform(s):	Cisco IOS	Product(s):
Definition Synopsis:
IOS vulnerable versions AND NOT IOS vulnerable versions AND config contains: ip tcp path-mtu-discovery AND config contains: crypto map AND config contains: tunnel protection AND config contains: ip pmtu AND config contains: tunnel path-mtu-discovery

Definition Id: oval:org.mitre.oval:def:651

Oval ID:	oval:org.mitre.oval:def:651
Title:	HP-UX 11.11 or 11.23 Path MTU Discovery Attack Vulnerability
Description:	Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2004-1060	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
An HPUX 11.11 or 11.23 is installed 700 Series or 800 Series OS Release 11.11 700 Series OS Release 11.11 700-series HP AND HP Release B.11.11 OR 800 Series OS Release 11.11 800-series HP AND HP Release B.11.11 OR 700 Series or 800 Series OS Release 11.23 700 Series OS Release 11.23 700-series HP AND HP Release B.11.23 OR 800 Series OS Release 11.23 800-series HP AND HP Release B.11.23 AND TOUR_PRODUCT.T-NET2-KRN with version less than A.03.00 is installed

Definition Id: oval:org.mitre.oval:def:780

Oval ID:	oval:org.mitre.oval:def:780
Title:	Server 2003 Path MTU Discovery Attack Vulnerability
Description:	Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-1060	Version:	8
Platform(s):	Microsoft Windows Server 2003	Product(s):
Definition Synopsis:
Software section Windows Server 2003 is installed AND 32-bit version of Windows or 64-bit (itanium architecture) version of Windows is installed 32-Bit version of Windows is installed AND a version of Windows for the ia64 architecture is installed AND the version of Tcpip.sys is less than 5.2.3790.336 AND NOT Win2K/XP/2003 is patched AND the patch KB893066 is installed AND Configuration section Enable Path MTU Discovery is Disabled

Definition Id: oval:org.mitre.oval:def:899

Oval ID:	oval:org.mitre.oval:def:899
Title:	HP-UX 11.04 Path MTU Discovery Attack Vulnerability
Description:	Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2004-1060	Version:	6
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
700 Series or 800 Series OS Release 11.04 700 Series OS Release 11.04 700-series HP AND HP Release B.11.04 OR 800 Series OS Release 11.04 800-series HP AND HP Release B.11.04 AND NOT Patch PHNE_33427 is installed

CPE : Common Platform Enumeration

Type	Description	Count
Application	Icmp cpe:2.3:a:icmp:icmp::::::::	1
Application	Tcp cpe:2.3:a:tcp:tcp::::::::	1

ExploitDB Exploits

id	Description
2005-04-12	Multiple Vendor ICMP Message Handling DoS
2005-04-12	Multiple Vendor ICMP Implementation Malformed Path MTU DoS
2005-04-12	Multiple Vendor ICMP Implementation Spoofed Source Quench Packet DoS
2005-06-27	Stream / Raped Denial of Service Attack (win version)
2005-04-20	Multiple OS (Win32/Aix/Cisco) - Crafted ICMP Messages DoS Exploit

OpenVAS Exploits

Date	Description
2012-03-01	Name : TCP Sequence Number Approximation Reset Denial of Service Vulnerability File : nvt/secpod_tcp_sequence_approx_dos_vuln.nasl
2011-11-21	Name : Microsoft Windows Internet Protocol Validation Remote Code Execution Vulnerab... File : nvt/secpod_ms_windows_ip_validation_code_exec_vuln.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
15619	Multiple Vendor ICMP Implementation Malformed Path MTU DoS Multiple ICMP implementations contains a flaw that may allow a remote denial of service. The issue is triggered due to the handling of ICMP error messages and when the "Path MTU Discovery" (PMTUD) mechanism is used. By sending a specially crafted ICMP error message, a remote attacker could arbitrary reduce the throughput of a TCP connection resulting in a loss of availability.

Description

15619

Multiple Vendor ICMP Implementation Malformed Path MTU DoS

Multiple ICMP implementations contains a flaw that may allow a remote denial of service. The issue is triggered due to the handling of ICMP error messages and when the "Path MTU Discovery" (PMTUD) mechanism is used. By sending a specially crafted ICMP error message, a remote attacker could arbitrary reduce the throughput of a TCP connection resulting in a loss of availability.

Snort® IPS/IDS

Date	Description
2014-01-10	(icmp4)ICMPpathMTUdenialofserviceattempt RuleID : 451 - Revision : 2 - Type :
2014-01-10	PATH MTU denial of service attempt RuleID : 3626 - Revision : 9 - Type : PROTOCOL-ICMP
2014-01-10	(decode)samesrc/dstIP RuleID : 151 - Revision : 2 - Type :

Nessus® Vulnerability Scanner

Date	Description
2017-05-08	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL23440942.nasl - Type : ACT_GATHER_INFO
2015-06-30	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15792.nasl - Type : ACT_GATHER_INFO
2010-09-01	Name : The remote device is missing a vendor-supplied security patch File : cisco-sa-20050412-icmp.nasl - Type : ACT_GATHER_INFO
2005-08-23	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_33427.nasl - Type : ACT_GATHER_INFO
2005-08-01	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_32606.nasl - Type : ACT_GATHER_INFO
2005-08-01	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_33395.nasl - Type : ACT_GATHER_INFO
2005-07-05	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_33159.nasl - Type : ACT_GATHER_INFO
2005-05-30	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_26076.nasl - Type : ACT_GATHER_INFO
2005-05-30	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_26125.nasl - Type : ACT_GATHER_INFO
2005-04-12	Name : Arbitrary code can be executed on the remote host due to a flaw in the TCP/IP... File : smb_kb893066.nasl - Type : ACT_GATHER_INFO
2005-04-12	Name : Arbitrary code can be executed on the remote host due to a flaw in the TCP/IP... File : smb_nt_ms05-019.nasl - Type : ACT_GATHER_INFO
2005-02-16	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_25644.nasl - Type : ACT_GATHER_INFO
2004-04-25	Name : It was possible to send spoofed RST packets to the remote system. File : tcp_seq_window.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/13124
CISCO	http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml
HP	http://marc.info/?l=bugtraq&m=112861397904255&w=2 http://www.securityfocus.com/archive/1/418882/100/0/threaded
MISC	http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html http://www.uniras.gov.uk/niscc/docs/al-20050412-00308.html?lang=en
MS	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05...
OVAL	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
SCO	ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.4/SCOSA-2006.4.txt
SECUNIA	http://secunia.com/advisories/18317
SREASON	http://securityreason.com/securityalert/19 http://securityreason.com/securityalert/57

Alert History

If you want to see full details history, please login or register.

Date	Informations
2021-05-04 12:02:27	Multiple Updates
2021-04-22 01:02:37	Multiple Updates
2020-12-09 21:23:56	Multiple Updates
2020-12-08 21:24:01	Multiple Updates
2020-05-23 00:15:56	Multiple Updates
2019-03-19 12:01:42	Multiple Updates
2018-10-19 21:19:36	Multiple Updates
2018-10-13 00:22:30	Multiple Updates
2017-10-11 09:23:25	Multiple Updates
2017-05-09 13:20:53	Multiple Updates
2016-10-18 12:01:24	Multiple Updates
2016-04-26 12:55:22	Multiple Updates
2015-07-01 13:27:47	Multiple Updates
2014-02-17 10:28:22	Multiple Updates
2014-01-19 21:22:21	Multiple Updates
2013-05-11 11:43:44	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	9
CPE ID(s)	2
Sources(s)	20
osvdb(s)	1
ExploitDB Exploit(s)	5
Openvas Exploit(s)	2
Snort® Rule(s)	3
Nessus® Exploit(s)	13

	Related
7.5	MS05-019
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

5 - CVE-2004-1060

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

ExploitDB Exploits

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU