CVE-2004-0791
published 2005-04-12CVE-2004-0791: Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind…
PriorityP430medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
20.32%
97.2th percentile
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_2003_server | — | — |
| sun | solaris | — | — |
| sun | solaris | — | — |
| sun | sunos | — | — |
| sun | sunos | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_redhat5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5c86-xw43-gw75: Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages,
ghsa_unreviewed·2022-05-03·CVSS 5.0
CVE-2004-0790 [MEDIUM] GHSA-5c86-xw43-gw75: Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages,
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
GHSA
GHSA-8jw3-72q3-6378: Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network t
ghsa_unreviewed·2022-05-03·CVSS 5.0
CVE-2004-1060 [MEDIUM] GHSA-8jw3-72q3-6378: Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network t
Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
GHSA
GHSA-fqvv-84gm-c2c5: Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a
ghsa_unreviewed·2022-05-03·CVSS 5.0
CVE-2004-0791 [MEDIUM] GHSA-fqvv-84gm-c2c5: Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
GHSA
GHSA-whr2-cjwc-wj5g: The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that
ghsa_unreviewed·2022-05-01·CVSS 5.0
CVE-2005-0065 [MEDIUM] GHSA-whr2-cjwc-wj5g: The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that
The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged (aka "TCP sequence number checking"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged "Destination Unreachable" messages, (2) blind throughput-reduction attacks with forged "Source Quench" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 ar
GHSA
GHSA-rhmh-v4vm-7q2m: The original design of ICMP does not require authentication for host-generated ICMP error messages, which makes it easier for attackers to forge ICMP
ghsa_unreviewed·2022-05-01·CVSS 5.0
CVE-2005-0068 [MEDIUM] GHSA-rhmh-v4vm-7q2m: The original design of ICMP does not require authentication for host-generated ICMP error messages, which makes it easier for attackers to forge ICMP
The original design of ICMP does not require authentication for host-generated ICMP error messages, which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged "Destination Unreachable" messages, (2) blind throughput-reduction attacks with forged "Source Quench" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerabilit
GHSA
GHSA-626v-45vc-q94p: The original design of TCP does not require that port numbers be assigned randomly (aka "Port randomization"), which makes it easier for attackers to
ghsa_unreviewed·2022-05-01·CVSS 5.0
CVE-2005-0067 [MEDIUM] GHSA-626v-45vc-q94p: The original design of TCP does not require that port numbers be assigned randomly (aka "Port randomization"), which makes it easier for attackers to
The original design of TCP does not require that port numbers be assigned randomly (aka "Port randomization"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged "Destination Unreachable" messages, (2) blind throughput-reduction attacks with forged "Source Quench" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on v
GHSA
GHSA-4v46-4mj5-q2x2: The original design of TCP does not check that the TCP Acknowledgement number in an ICMP error message generated by an intermediate router is within t
ghsa_unreviewed·2022-05-01·CVSS 5.0
CVE-2005-0066 [MEDIUM] GHSA-4v46-4mj5-q2x2: The original design of TCP does not check that the TCP Acknowledgement number in an ICMP error message generated by an intermediate router is within t
The original design of TCP does not check that the TCP Acknowledgement number in an ICMP error message generated by an intermediate router is within the range of possible values for data that has already been acknowledged (aka "TCP acknowledgement number checking"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged "Destination Unreachable" messages, (2) blind throughput-reduction attacks with forged "Source Quench" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-20
Red Hat
security flaw
vendor_redhat·2005-04-12·CVSS 5.0
CVE-2004-0791 [MEDIUM] security flaw
security flaw
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
No detection rules found.
Bugzilla
CVE-2004-0791 security flaw
bugzilla·2018-08-16·CVSS 5.0
CVE-2004-0791 [MEDIUM] CVE-2004-0791 security flaw
CVE-2004-0791 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and numb
Bugzilla
Multiple Kernel vulnerabilities
bugzilla·2005-05-11
[MEDIUM] Multiple Kernel vulnerabilities
Multiple Kernel vulnerabilities
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Mozilla rulez!)
Description of problem:
Paul Starzetz of iSEC has found yet another bug in binfmt_elf.c. It can be abused to crash the kernel, perhaps even to break into the kernel land. See the advisory for details.
Version-Release number of selected component (if applicable):
How reproducible:
Didn't try
Steps to Reproduce:
Additional info:
I've got a quick and dirty patch. I'll submit it ASAP.
Discussion:
Grr...Bugzilla assigned the bug to [email protected] rather than to
[email protected]
---
Created attachment 114264
The patch for CAN-2005-1263
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This patch can be applied to FL kernel 2.4.20-43:
402e548b02382c015d6f5e5704370a1ba546598b
li
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.4/SCOSA-2006.4.txthttp://marc.info/?l=bugtraq&m=112861397904255&w=2http://secunia.com/advisories/18317http://securityreason.com/securityalert/19http://securityreason.com/securityalert/57http://sunsolve.sun.com/search/document.do?assetkey=1-26-101658-1http://sunsolve.sun.com/search/document.do?assetkey=1-26-57746-1http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.htmlhttp://www.redhat.com/support/errata/RHSA-2005-016.htmlhttp://www.redhat.com/support/errata/RHSA-2005-017.htmlhttp://www.redhat.com/support/errata/RHSA-2005-043.htmlhttp://www.securityfocus.com/archive/1/418882/100/0/threadedhttp://www.securityfocus.com/archive/1/428028/100/0/threadedhttp://www.securityfocus.com/archive/1/428058/100/0/threadedhttp://www.securityfocus.com/bid/13124http://www.uniras.gov.uk/niscc/docs/al-20050412-00308.html?lang=enhttp://www.watersprings.org/pub/id/draft-gont-tcpm-icmp-attacks-03.txthttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10228https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1112https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A184https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A464https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A596https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A688https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A726ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.4/SCOSA-2006.4.txthttp://marc.info/?l=bugtraq&m=112861397904255&w=2http://secunia.com/advisories/18317http://securityreason.com/securityalert/19http://securityreason.com/securityalert/57http://sunsolve.sun.com/search/document.do?assetkey=1-26-101658-1http://sunsolve.sun.com/search/document.do?assetkey=1-26-57746-1http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.htmlhttp://www.redhat.com/support/errata/RHSA-2005-016.htmlhttp://www.redhat.com/support/errata/RHSA-2005-017.htmlhttp://www.redhat.com/support/errata/RHSA-2005-043.htmlhttp://www.securityfocus.com/archive/1/418882/100/0/threadedhttp://www.securityfocus.com/archive/1/428028/100/0/threadedhttp://www.securityfocus.com/archive/1/428058/100/0/threadedhttp://www.securityfocus.com/bid/13124http://www.uniras.gov.uk/niscc/docs/al-20050412-00308.html?lang=enhttp://www.watersprings.org/pub/id/draft-gont-tcpm-icmp-attacks-03.txthttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10228https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1112https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A184https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A464https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A596https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A688https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A726
2005-04-12
Published