CVE

CVE-2008-4609
Date: (C)2008-10-20   (M)2023-12-22


The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.1
Exploit Score: 8.6
Impact Score: 6.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
  
Reference:
http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml
HPSBMI02473
MDVSA-2013:150
MS09-048
TA09-251A
http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html
http://blog.robertlee.name/2008/10/conjecture-speculation.html
http://insecure.org/stf/tcp-dos-attack-explained.html
http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked
http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
http://www.outpost24.com/news/news-2008-10-02.html
https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html
oval:org.mitre.oval:def:6340

CWE    1
CWE-16
OVAL    3
oval:org.mitre.oval:def:6340
oval:org.secpod.oval:def:2556
oval:org.secpod.oval:def:2002773

© SecPod Technologies