[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249622

 
 

909

 
 

195521

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-1242Date: (C)2006-03-15   (M)2023-12-22


The ip_push_pending_frames function in Linux 2.4.x and 2.6.x before 2.6.16 increments the IP ID field when sending a RST after receiving unsolicited TCP SYN-ACK packets, which allows remote attackers to conduct an Idle Scan (nmap -sI) attack, which bypasses intended protections against such attacks.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
BID-17109
SECUNIA-19402
SECUNIA-19955
http://www.securityfocus.com/archive/1/427622/100/0/threaded
http://www.securityfocus.com/archive/1/427753/100/0/threaded
http://www.securityfocus.com/archive/1/427893/100/0/threaded
http://www.securityfocus.com/archive/1/428605/30/6210/threaded
SECUNIA-20157
SECUNIA-20398
SECUNIA-20671
SECUNIA-20914
SECUNIA-21136
SECUNIA-21465
SECUNIA-21983
SECUNIA-22417
ADV-2006-1140
ADV-2006-2554
DSA-1097
DSA-1103
MDKSA-2006:086
RHSA-2006:0437
RHSA-2006:0575
SUSE-SA:2006:028
USN-281-1
http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.1
oval:org.mitre.oval:def:10317

CPE    151
cpe:/o:linux:linux_kernel:2.4.27:pre5
cpe:/o:linux:linux_kernel:2.4.27:pre4
cpe:/o:linux:linux_kernel:2.6.15:rc1
cpe:/o:linux:linux_kernel:2.6.15
...

© SecPod Technologies