CVE-2004-1060
published 2004-04-12

Priority: P338, medium, 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 74.67% (99.4th percentile)
Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.

Affected

10 ranges

Vendor | Product | Version range | Fixed in
hp | hp-ux | |
hp | hp-ux | |
hp | hp-ux | |
hp | hp-ux | |
hp | hp-ux | |
microsoft | windows_2003_server | |
sun | solaris | |
sun | solaris | |
sun | sunos | |
sun | sunos | |

Detection & IOCs (extracted from sources)

URL: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/25388.tar.gz
  • Detect forged ICMP Path MTU Discovery (PMTUD) messages sent to reduce the MTU for a given TCP connection — a spoofed ICMP message with a valid source/destination IP address and port pair matching an existing connection should be flagged as a potential CVE-2004-1060 attack.
  • Alert on ICMP error messages that contain a matching source/destination IP address and port pair for an active TCP connection but originate from unexpected or spoofed sources, as the RFC does not mandate security checks for such messages.
  • CVE-2004-1060 specifically affects systems configured to use ICMP Path MTU Discovery (PMTUD); hosts not using PMTUD are not vulnerable to this particular attack vector.
  • CVE-2004-1060 (ICMP PMTUD attack) is a distinct issue from CVE-2004-0790 (blind connection-reset) and CVE-2004-0791 (ICMP Source Quench); detection and mitigation must address each separately.
  • Microsoft platforms are also confirmed affected by the ICMP PMTUD attack (CVE-2004-1060), broadening the scope beyond Unix/Linux TCP/IP stacks.
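
One way to implement the first two checks above, as an added example (not code from this page or from any affected vendor): it parses an ICMP "Fragmentation Needed" message, matches the quoted header against tracked TCP connections, and reports a low next-hop MTU or a quoted sequence number that is not in flight (the validation described in RFC 5927). Assumptions: the monitor keeps a hypothetical connection table with `snd_una`/`snd_nxt` per 4-tuple, the 576-byte floor is a site-chosen threshold, and the packets and addresses are constructed samples.

```python
import struct
from ipaddress import IPv4Address

MTU_FLOOR = 576  # assumption: site-chosen alert threshold, not a value from the advisory

def parse_frag_needed(pkt):
    """Return (next_hop_mtu, quoted 4-tuple, quoted TCP seq) for ICMP type 3 code 4, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 1:    # outer header: IPv4 carrying ICMP
        return None
    icmp = pkt[(pkt[0] & 0x0F) * 4:]
    if len(icmp) < 8 or icmp[0] != 3 or icmp[1] != 4:       # Fragmentation Needed and DF set
        return None
    mtu = struct.unpack("!H", icmp[6:8])[0]
    inner = icmp[8:]                                         # quoted IP header + 8 bytes of TCP
    if len(inner) < 20 or inner[9] != 6:
        return None
    ihl = (inner[0] & 0x0F) * 4
    if len(inner) < ihl + 8:
        return None
    sport, dport, seq = struct.unpack("!HHI", inner[ihl:ihl + 8])
    src, dst = str(IPv4Address(inner[12:16])), str(IPv4Address(inner[16:20]))
    return mtu, (src, sport, dst, dport), seq

def findings(pkt, connections, floor=MTU_FLOOR):
    """connections maps a 4-tuple to (snd_una, snd_nxt). None means the packet is not relevant."""
    parsed = parse_frag_needed(pkt)
    if parsed is None or parsed[1] not in connections:
        return None
    mtu, tup, seq = parsed
    snd_una, snd_nxt = connections[tup]
    out = []
    if mtu < floor:
        out.append(f"next-hop MTU {mtu} below floor {floor}")
    # Modular compare: the quoted segment must be data the sender still has in flight.
    if ((seq - snd_una) & 0xFFFFFFFF) >= ((snd_nxt - snd_una) & 0xFFFFFFFF):
        out.append("quoted sequence number is not in flight")
    return out

def sample(mtu, seq):
    """Constructed input (checksums and lengths zeroed; documentation addresses)."""
    def ip(src, dst, proto):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, 64, proto, 0,
                           IPv4Address(src).packed, IPv4Address(dst).packed)
    quoted = ip("198.51.100.10", "203.0.113.5", 6) + struct.pack("!HHI", 44321, 443, seq)
    return ip("192.0.2.1", "198.51.100.10", 1) + struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + quoted

CONNS = {("198.51.100.10", 44321, "203.0.113.5", 443): (1000, 3000)}  # constructed state
```

An empty list means the message quotes a tracked connection and passes both checks; the outer source address is deliberately not used, since any on-path router may legitimately send this message.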

CVSS provenance

nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_redhat | 5.0 | MEDIUM