CVE-2004-0230
published 2004-08-18CVE-2004-0230: TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to…
PriorityP346medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
80.86%
99.6th percentile
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
Affected
40 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | products | — | — |
| debian | linux | — | — |
| ibm | os_400 | — | — |
| ibm | os_400 | — | — |
| juniper | junos | < 11.4 | 11.4 |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| mcafee | network_data_loss_prevention | <= 8.6 | — |
| mcafee | network_data_loss_prevention | — | — |
| mcafee | network_data_loss_prevention | — | — |
| mcafee | network_data_loss_prevention | — | — |
| netbsd | netbsd | — | — |
| netbsd | netbsd | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for TCP RST packets with forged/spoofed source IPs targeting BGP port 179 (TCP). Attackers iterate through sequence numbers in increments matching the receiver's window size to land a RST within the acceptance window. ↗
- →Detect high-rate TCP RST packet floods targeting a single destination IP/port pair, especially BGP port 179, where the RST sequence numbers increment by a fixed window-size step (e.g., 2500 or 65536) across the full 32-bit sequence space (0–4294967295). ↗
- →Alert on TCP RST packets where the source IP does not match any established session endpoint (spoofed source), particularly when sent at high volume to long-lived TCP sessions such as BGP peering sessions. ↗
- →For BGP-specific detection: alert on TCP RST packets arriving on port 179 where the TTL value equals 1, as exploit tooling explicitly sets TTL to arrive at the router with TTL=1 per the attack methodology. ↗
- →Detect TCP RST packets with both RST and SYN flags simultaneously set (RST|SYN), which is an anomalous flag combination used by the Kreset.pl exploit tool. ↗
- ·The attack is significantly more effective against TCP implementations using large window sizes. Reducing the TCP receive window size on BGP sessions (e.g., via router configuration) shrinks the sequence number acceptance range and increases the number of packets an attacker must send to land a valid RST. ↗
- ·BGP sessions are disproportionately exposed because both endpoints (IP addresses and port 179) are well-known or easily discoverable, satisfying the attacker's prerequisite knowledge requirements. ↗
- ·On Microsoft platforms, an attacker requires knowledge of both IP addresses and port numbers of an existing TCP connection. Persistent sessions such as BGP are more exposed than short-lived connections. ↗
- ·Cisco routers have a predictable BGP source port after reboot, with subsequent ports incremented by 1 or 512 depending on IOS version, making the source port guessable and lowering the attack complexity. ↗
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_cisco5.0MEDIUM
vendor_debian5.0LOW
vendor_redhat5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-r5mm-hvcj-hj6j: Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via unknown vectors related to Network, a dif
ghsa_unreviewed·2022-05-17·CVSS 5.0
CVE-2014-6575 [MEDIUM] GHSA-r5mm-hvcj-hj6j: Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via unknown vectors related to Network, a dif
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via unknown vectors related to Network, a different vulnerability than CVE-2004-0230.
GHSA
GHSA-58p6-7f25-xqv3: TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to
ghsa_unreviewed·2022-05-03
CVE-2004-0230 [MEDIUM] GHSA-58p6-7f25-xqv3: TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
GHSA
GHSA-vpm6-vh97-9hqc: Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown impact and remote attack vectors, related to an "Integrity Problem" involving LIC-TC
ghsa_unreviewed·2022-05-01·CVSS 5.0
CVE-2007-0442 [MEDIUM] GHSA-vpm6-vh97-9hqc: Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown impact and remote attack vectors, related to an "Integrity Problem" involving LIC-TC
Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown impact and remote attack vectors, related to an "Integrity Problem" involving LIC-TCPIP and TCP reset. NOTE: it is possible that this issue is related to CVE-2004-0230, but this is not certain.
OSV
CVE-2004-0230: TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to
osv·2004-08-18·CVSS 5.0
CVE-2004-0230 [MEDIUM] CVE-2004-0230: TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
BSD
FreeBSD-SA-14:19.tcp: Denial of Service in TCP packet processing
bsd_advisories·2014-09-16·CVSS 5.0
CVE-2004-0230 [MEDIUM] FreeBSD-SA-14:19.tcp: Denial of Service in TCP packet processing
FreeBSD-SA-14:19.tcp Security Advisory
The FreeBSD Project
Topic: Denial of Service in TCP packet processing
Category: core
Module: inet
Announced: 2014-09-16
Credits: Jonathan Looney (Juniper SIRT)
Affects: All supported versions of FreeBSD.
Corrected: 2014-09-16 09:48:35UTC (stable/10, 10.1-PRERELEASE)
2014-09-16 09:48:35 UTC (stable/10, 10.1-BETA1-p1)
2014-09-16 09:50:19 UTC (releng/10.0, 10.0-RELEASE-p9)
2014-09-16 09:49:11 UTC (stable/9, 9.3-STABLE)
2014-09-16 09:50:19 UTC (releng/9.3, 9.3-RELEASE-p2)
2014-09-16 09:50:19 UTC (releng/9.2, 9.2-RELEASE-p12)
2014-09-16 09:50:19 UTC (releng/9.1, 9.1-RELEASE-p19)
2014-09-16 09:49:11 UTC (stable/8, 8.4-STABLE)
2014-09-16 09:50:19 UTC (releng/8.4, 8.4-RELEASE-p16)
CVE Name: CVE-2004-0230
For general information regarding FreeBSD Security A
Cisco
TCP Vulnerabilities in Multiple Non-IOS Cisco Products
vendor_cisco·2004-04-21·CVSS 5.0
CVE-2004-0230 [MEDIUM] CWE-399 TCP Vulnerabilities in Multiple Non-IOS Cisco Products
TCP Vulnerabilities in Multiple Non-IOS Cisco Products
A vulnerability in the Transmission Control Protocol (TCP)
specification (RFC793) has been discovered by an external researcher. The
successful exploitation enables an adversary to reset any established TCP
connection in a much shorter time than was previously discussed publicly.
Depending on the application, the connection may get automatically
re-established. In other cases, a user will have to repeat the action (for
example, open a new Telnet or SSH session). Depending upon the attacked
protocol, a successful attack may have additional consequences beyond
terminated connection which must be considered. This attack vector is only
applicable to the sessions which are terminating on a device (such as a router,
switch, or computer), an
Cisco
TCP Vulnerabilities in Multiple IOS-Based Cisco Products
vendor_cisco·2004-04-21
CVE-2004-0230 CWE-399 TCP Vulnerabilities in Multiple IOS-Based Cisco Products
TCP Vulnerabilities in Multiple IOS-Based Cisco Products
A vulnerability in the Transmission Control Protocol (TCP)
specification (RFC793) has been discovered by an external researcher. The
successful exploitation enables an adversary to reset any established TCP
connection in a much shorter time than was previously discussed publicly.
Depending on the application, the connection may get automatically
re-established. In other cases, a user will have to repeat the action (for
example, open a new Telnet or SSH session). Depending upon the attacked
protocol, a successful attack may have additional consequences beyond
terminated connection which must be considered. This attack vector is only
applicable to the sessions which are terminating on a device (such as a router,
switch, or computer)
Debian
CVE-2004-0230: linux - TCP, when using a large Window Size, makes it easier for remote attackers to gue...
vendor_debian·2004·CVSS 5.0
CVE-2004-0230 [MEDIUM] CVE-2004-0230: linux - TCP, when using a large Window Size, makes it easier for remote attackers to gue...
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
Cisco
TCP Vulnerabilities in Multiple IOS-Based Cisco Products
vendor_cisco
CVE-2004-0230 TCP Vulnerabilities in Multiple IOS-Based Cisco Products
CVE-2004-0230: TCP Vulnerabilities in Multiple IOS-Based Cisco Products
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch,
Red Hat
CVE-2004-0230: TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to
vendor_redhat·CVSS 5.0
CVE-2004-0230 [MEDIUM] CVE-2004-0230: TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
Statement: The DHS advisory is a good source of background information about the issue: https://www.cisa.gov/news-events/alerts/2004/04/20/vulnerabilities-tcp
It is important to note that the issue described is a known function of TCP. In order to perform a connection reset an attacker would need to know the source and destination ip address and ports as well as being able to guess the sequence number within the window. These requirements seriously reduce the ability to trigger a connection reset on norm
No detection rules found.
Exploit-DB
Microsoft Windows - Malformed IP Options Denial of Service (MS05-019)
exploitdb·2005-04-17
CVE-2005-0688 Microsoft Windows - Malformed IP Options Denial of Service (MS05-019)
Microsoft Windows - Malformed IP Options Denial of Service (MS05-019)
---
/* ecl-winipdos.c - 16/04/05
* Yuri Gushin
* Alex Behar
*
* This one was actually interesting, an off-by-one by our beloved
* M$ :)
*
* When processing an IP packet with an option size (2nd byte after
* the option) of 39, it will crash - since the maximum available
* size is 40 for the whole IP options field, and two are already used:
* [ OPT ] [ SIZE ] [ 38 more bytes ]
* Checks are done to validate that the option-size field is less than
* 40, where a value less than !39! should be checked for validation.
*
* Note that this doesn't affect ALL options, and is also dependant upon
* the underlying protocol.
* Anyways, a small PoC to see how it works and why, tweak test and
* explore, have fun :)
*
*
* Greets fly out
Exploit-DB
Multiple Vendor - TCP Sequence Number Approximation (4)
exploitdb·2004-04-23
CVE-2004-0230 Multiple Vendor - TCP Sequence Number Approximation (4)
Multiple Vendor - TCP Sequence Number Approximation (4)
---
source: https://www.securityfocus.com/bid/10183/info
A vulnerability in TCP implementations may permit unauthorized remote users to reset TCP sessions. This issue affects products released by multiple vendors. Exploiting this issue may permit remote attackers to more easily approximate TCP sequence numbers.
The problem is that affected implementations will accept TCP sequence numbers within a certain range of the expected sequence number for a packet in the session. This will permit a remote attacker to inject a SYN or RST packet into the session, causing it to be reset and effectively allowing denial-of-service attacks. An attacker would exploit this issue by sending a packet to a receiving implementation with an approximated
Exploit-DB
TCP Connection Reset - Remote Denial of Service
exploitdb·2004-04-23
CVE-2004-0230 TCP Connection Reset - Remote Denial of Service
TCP Connection Reset - Remote Denial of Service
---
/*
By: Paul A. Watson
Build a TCP packet - based on tcp1.c sample code from libnet-1.1.1
COMPILE:
gcc reset-tcp.c -o reset-tcp /usr/lib/libnet.a
or
gcc -o reset-tcp reset-tcp.c -lnet
** be sure to modify the MAC addresses (enet_src/enet_dst) in the code, or you WILL have problems!
EXECUTE:
reset-tcp [interface] [src ip] [src port] [dst ip] [dst port] [window size]
EXAMPLE (and timing packets sent with /bin/date):
[root@orc BGP]# date; ./reset-tcp eth1 172.16.0.1 1 172.16.0.2 2 65536; date
Tue Dec 16 21:18:28 CST 2003
Packets sent: 8192 Sequence guess: 536805376
Packets sent: 16384 Sequence guess: 1073676288
Packets sent: 24576 Sequence guess: 1610547200
Packets sent: 32768 Sequence guess: 2147418112
Packets sent: 40960 Sequence guess
Exploit-DB
Microsoft Windows XP/2000 - TCP Connection Reset
exploitdb·2004-04-22
CVE-2004-0230 Microsoft Windows XP/2000 - TCP Connection Reset
Microsoft Windows XP/2000 - TCP Connection Reset
---
{
AFX TCP Reset by Aphex
http://www.iamaphex.cjb.net
[email protected]
Compile with Delphi 5/6/7
}
program Project1;
{$APPTYPE CONSOLE}
uses
Windows;
type
TBufferArray = array[0..65535] of byte;
type
iph = record
ip_verlen: byte;
ip_tos: byte;
ip_len: word;
ip_id: word;
ip_offset: word;
ip_ttl: byte;
ip_protocol: byte;
ip_checksum: word;
ip_saddr: longword;
ip_daddr: longword;
end;
tcph = record
th_sport: word;
th_dport: word;
th_seq: longword;
th_ack: longword;
th_len: byte;
th_flags: byte;
th_win: word;
th_checksum: word;
th_upr: word;
end;
sb = packed record
sb1, sb2, sb3, sb4: char;
end;
sw = packed record
sw1, sw2: word;
end;
TInAddr = record
case integer of
0: (ssb: sb);
1: (ssw: sw);
2: (saddr: longint);
end;
TSock
Exploit-DB
Multiple Vendor - TCP Sequence Number Approximation (3)
exploitdb·2004-04-20
CVE-2004-0230 Multiple Vendor - TCP Sequence Number Approximation (3)
Multiple Vendor - TCP Sequence Number Approximation (3)
---
source: https://www.securityfocus.com/bid/10183/info
A vulnerability in TCP implementations may permit unauthorized remote users to reset TCP sessions. This issue affects products released by multiple vendors. Exploiting this issue may permit remote attackers to more easily approximate TCP sequence numbers.
The problem is that affected implementations will accept TCP sequence numbers within a certain range of the expected sequence number for a packet in the session. This will permit a remote attacker to inject a SYN or RST packet into the session, causing it to be reset and effectively allowing denial-of-service attacks. An attacker would exploit this issue by sending a packet to a receiving implementation with an approximated
Exploit-DB
Multiple Vendor - TCP Sequence Number Approximation (2)
exploitdb·2004-04-20
CVE-2004-0230 Multiple Vendor - TCP Sequence Number Approximation (2)
Multiple Vendor - TCP Sequence Number Approximation (2)
---
source: https://www.securityfocus.com/bid/10183/info
A vulnerability in TCP implementations may permit unauthorized remote users to reset TCP sessions. This issue affects products released by multiple vendors. Exploiting this issue may permit remote attackers to more easily approximate TCP sequence numbers.
The problem is that affected implementations will accept TCP sequence numbers within a certain range of the expected sequence number for a packet in the session. This will permit a remote attacker to inject a SYN or RST packet into the session, causing it to be reset and effectively allowing denial-of-service attacks. An attacker would exploit this issue by sending a packet to a receiving implementation with an approximated
Exploit-DB
Multiple Vendor - TCP Sequence Number Approximation (1)
exploitdb·2004-03-05
CVE-2004-0230 Multiple Vendor - TCP Sequence Number Approximation (1)
Multiple Vendor - TCP Sequence Number Approximation (1)
---
// source: https://www.securityfocus.com/bid/10183/info
A vulnerability in TCP implementations may permit unauthorized remote users to reset TCP sessions. This issue affects products released by multiple vendors. Exploiting this issue may permit remote attackers to more easily approximate TCP sequence numbers.
The problem is that affected implementations will accept TCP sequence numbers within a certain range of the expected sequence number for a packet in the session. This will permit a remote attacker to inject a SYN or RST packet into the session, causing it to be reset and effectively allowing denial-of-service attacks. An attacker would exploit this issue by sending a packet to a receiving implementation with an approxima
Trendmicro
Patch Gap Vulnerabilities in the VMware ESXi TCP/IP Stack
blogs_trendmicro·2022-07-27
Patch Gap Vulnerabilities in the VMware ESXi TCP/IP Stack
# Looking at Patch Gap Vulnerabilities in the VMware ESXi TCP/IP Stack
Learn about the patch gap vulnerabilities in the VMware ESXi TCP/IP stack.
By: Zero Day Initiative
2022/07/27
Read time: ( words)
Save to Folio
Over the last few years, multiple VMware ESXi remote, unauthenticated code execution vulnerabilities have been publicly disclosed. Some were also found to be exploited in the wild. Since these bugs were found in ESXi’s implementation of the SLP service, VMware provided workarounds to turn off the service. VMware also disabled the service by default starting with ESX 7.0 Update 2c. In this blog post, we explore another remotely reachable attack surface: ESXi’s TCP/IP stack implemented as a VMkernel module. The most interesting outcome of this analysis is that ESXi’s TCP/IP s
Trendmicro
Patch Gap Vulnerabilities in the VMware ESXi TCP/IP Stack
blogs_trendmicro·2022-07-27
Patch Gap Vulnerabilities in the VMware ESXi TCP/IP Stack
## Looking at Patch Gap Vulnerabilities in the VMware ESXi TCP/IP Stack
Learn about the patch gap vulnerabilities in the VMware ESXi TCP/IP stack.
By: Zero Day Initiative 2022/07/27 Read time: ( words)
Save to Folio
Over the last few years, multiple VMware ESXi remote, unauthenticated code execution vulnerabilities have been publicly disclosed. Some were also found to be exploited in the wild. Since these bugs were found in ESXi’s implementation of the SLP service , VMware provided workarounds to turn off the service. VMware also disabled the service by default starting with ESX 7.0 Update 2c . In this blog post, we explore another remotely reachable attack surface: ESXi’s TCP/IP stack implemented as a VMkernel module. The most interesting outcome of this analysis is that ESXi’s TCP/IP
Trendmicro
Patch Gap Vulnerabilities in the VMware ESXi TCP/IP Stack
blogs_trendmicro·2022-07-27
Patch Gap Vulnerabilities in the VMware ESXi TCP/IP Stack
## Looking at Patch Gap Vulnerabilities in the VMware ESXi TCP/IP Stack
Learn about the patch gap vulnerabilities in the VMware ESXi TCP/IP stack.
By: Zero Day Initiative Jul 27, 2022 Read time: ( words)
Save to Folio
Over the last few years, multiple VMware ESXi remote, unauthenticated code execution vulnerabilities have been publicly disclosed. Some were also found to be exploited in the wild. Since these bugs were found in ESXi’s implementation of the SLP service , VMware provided workarounds to turn off the service. VMware also disabled the service by default starting with ESX 7.0 Update 2c . In this blog post, we explore another remotely reachable attack surface: ESXi’s TCP/IP stack implemented as a VMkernel module. The most interesting outcome of this analysis is that ESXi’s TCP/
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-006.txt.ascftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.3/SCOSA-2005.3.txtftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.9/SCOSA-2005.9.txtftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.14/SCOSA-2005.14.txtftp://patches.sgi.com/support/free/security/advisories/20040403-01-A.aschttp://kb.juniper.net/JSA10638http://marc.info/?l=bugtraq&m=108302060014745&w=2http://marc.info/?l=bugtraq&m=108506952116653&w=2http://secunia.com/advisories/11440http://secunia.com/advisories/11458http://secunia.com/advisories/22341http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtmlhttp://www.kb.cert.org/vuls/id/415294http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlhttp://www.osvdb.org/4030http://www.securityfocus.com/archive/1/449179/100/0/threadedhttp://www.securityfocus.com/bid/10183http://www.uniras.gov.uk/vuls/2004/236929/index.htmhttp://www.us-cert.gov/cas/techalerts/TA04-111A.htmlhttp://www.vupen.com/english/advisories/2006/3983https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-019https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-064https://exchange.xforce.ibmcloud.com/vulnerabilities/15886https://kc.mcafee.com/corporate/index?page=content&id=SB10053https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2689https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A270https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3508https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4791https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5711ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-006.txt.ascftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.3/SCOSA-2005.3.txtftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.9/SCOSA-2005.9.txtftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.14/SCOSA-2005.14.txtftp://patches.sgi.com/support/free/security/advisories/20040403-01-A.aschttp://kb.juniper.net/JSA10638http://marc.info/?l=bugtraq&m=108302060014745&w=2http://marc.info/?l=bugtraq&m=108506952116653&w=2http://secunia.com/advisories/11440http://secunia.com/advisories/11458http://secunia.com/advisories/22341http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtmlhttp://www.kb.cert.org/vuls/id/415294http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlhttp://www.osvdb.org/4030http://www.securityfocus.com/archive/1/449179/100/0/threadedhttp://www.securityfocus.com/bid/10183http://www.uniras.gov.uk/vuls/2004/236929/index.htmhttp://www.us-cert.gov/cas/techalerts/TA04-111A.htmlhttp://www.vupen.com/english/advisories/2006/3983https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-019https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-064https://exchange.xforce.ibmcloud.com/vulnerabilities/15886https://kc.mcafee.com/corporate/index?page=content&id=SB10053https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2689https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A270https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3508https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4791https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5711
2004-08-18
Published