OSVDB ID: 15620

Title: Multiple Vendor TCP Implementation Malformed Sequence Number Range Issue

Info

Disclosure

Apr 16, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Multiple TCP implementations contains a flaw that may allow a remote attacker to forge ICMP error messages. The problem is that the TCP sequence number in an ICMP error message is not checked whether it is within the range of sequence numbers for data that has been sent but not acknowledged. It is possible that the flaw may allow a remote attacker to forge ICMP error messages resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Infrastructure
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

All Vendors

All Products

All Versions

References

Other Advisory URL: http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
Vendor Specific Advisory URL: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.36/SCOSA-2005.36.txt
Secunia Advisory ID: 16701
CVE ID: 2005-0065 (see also: NVD)
Keyword: aka "TCP sequence number checking"

Credit

Fernando Gont - fernandogont.com.ar -

Direct URL: http://osvdb.org/36218