OSVDB ID: 15621

Title: Multiple Vendor TCP Implementation Acknowledgement Number Checking Issue

Info

Disclosure

Apr 16, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Multiple TCP implementations contains a flaw that may allow a remote attacker to forge ICMP error messages. The problem is that the TCP Acknowledgement number in an ICMP error message generated by an intermediate routher is not checked whether it is within the range of possible values for data that has already been acknowledged. It is possible that the flaw may allow a remote attacker to forge ICMP error messages resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Infrastructure
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

All Vendors

All Products

All Versions

References

Other Advisory URL: http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
Vendor Specific Advisory URL: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.36/SCOSA-2005.36.txt
Secunia Advisory ID: 16701
CVE ID: 2005-0066 (see also: NVD)
Keyword: aka "TCP acknowledgement number checking"

Credit

Fernando Gont - fernandogont.com.ar -

Direct URL: http://osvdb.org/36218