CVE-2004-0230
Summary
| CVE | CVE-2004-0230 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2004-08-18 04:00:00 UTC |
| Updated | 2018-10-19 15:30:00 UTC |
| Description | TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Juniper | Junos | All | All | All | All |
| Operating System | Juniper | Junos | All | All | All | All |
| Application | Mcafee | Network Data Loss Prevention | 9.2.0 | All | All | All |
| Application | Mcafee | Network Data Loss Prevention | 9.2.1 | All | All | All |
| Application | Mcafee | Network Data Loss Prevention | 9.2.2 | All | All | All |
| Application | Mcafee | Network Data Loss Prevention | 9.2.0 | All | All | All |
| Application | Mcafee | Network Data Loss Prevention | 9.2.1 | All | All | All |
| Application | Mcafee | Network Data Loss Prevention | 9.2.2 | All | All | All |
| Application | Mcafee | Network Data Loss Prevention | All | All | All | All |
| Operating System | Netbsd | Netbsd | 1.5 | All | All | All |
| Operating System | Netbsd | Netbsd | 1.5.1 | All | All | All |
| Operating System | Netbsd | Netbsd | 1.5.2 | All | All | All |
| Operating System | Netbsd | Netbsd | 1.5.3 | All | All | All |
| Operating System | Netbsd | Netbsd | 1.6 | All | All | All |
| Operating System | Netbsd | Netbsd | 1.6.1 | All | All | All |
| Operating System | Netbsd | Netbsd | 1.6.2 | All | All | All |
| Operating System | Netbsd | Netbsd | 2.0 | All | All | All |
| Operating System | Netbsd | Netbsd | 1.5 | All | All | All |
| Operating System | Netbsd | Netbsd | 1.5.1 | All | All | All |
| Operating System | Netbsd | Netbsd | 1.5.2 | All | All | All |
| Operating System | Netbsd | Netbsd | 1.5.3 | All | All | All |
| Operating System | Netbsd | Netbsd | 1.6 | All | All | All |
| Operating System | Netbsd | Netbsd | 1.6.1 | All | All | All |
| Operating System | Netbsd | Netbsd | 1.6.2 | All | All | All |
| Operating System | Netbsd | Netbsd | 2.0 | All | All | All |
| Application | Openpgp | Openpgp | 2.6.2 | All | All | All |
| Application | Openpgp | Openpgp | 2.6.2 | All | All | All |
| Operating System | Oracle | Solaris | 10 | All | All | All |
| Operating System | Oracle | Solaris | 11 | All | All | All |
| Operating System | Oracle | Solaris | 10 | All | All | All |
| Operating System | Oracle | Solaris | 11 | All | All | All |
| Operating System | Xinuos | Openserver | 5.0.6 | All | All | All |
| Operating System | Xinuos | Openserver | 5.0.7 | All | All | All |
| Operating System | Xinuos | Openserver | 5.0.6 | All | All | All |
| Operating System | Xinuos | Openserver | 5.0.7 | All | All | All |
| Operating System | Xinuos | Unixware | 7.1.1 | All | All | All |
| Operating System | Xinuos | Unixware | 7.1.3 | All | All | All |
| Operating System | Xinuos | Unixware | 7.1.1 | All | All | All |
| Operating System | Xinuos | Unixware | 7.1.3 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| US-CERT Technical Cyber Security Alert TA04-111A -- Vulnerabilities in TCP | CERT | www.us-cert.gov | Third Party Advisory, US Government Resource |
| Juniper Networks - 2014-07 Security Bulletin: Junos: Denial of Service in TCP packet processing (CVE-2004-0230) | CONFIRM | kb.juniper.net | Third Party Advisory |
| '[security bulletin] SSRT4696 rev. 0 HP ProCurve Routing Switches TCP Denial of Service (DoS)' - MARC | HP | marc.info | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| Microsoft Security Bulletin MS05-019 - Critical | Microsoft Docs | MS | docs.microsoft.com | |
| US-CERT Vulnerability Note VU#415294 | CERT-VN | www.kb.cert.org | Third Party Advisory, US Government Resource |
| Secunia - Advisories - Cisco IOS TCP Connection Reset Denial of Service Vulnerability | SECUNIA | secunia.com | Permissions Required, Third Party Advisory, VDB Entry |
| McAfee KnowledgeBase - McAfee Security Bulletin – Network Data Loss Prevention addresses 17 security issues | CONFIRM | kc.mcafee.com | Patch, Third Party Advisory |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| Microsoft Security Bulletin MS06-064 - Important | Microsoft Docs | MS | docs.microsoft.com | |
| SCOSA-2005.3 | SCO | ftp.sco.com | Third Party Advisory |
| Secunia - Advisories - Juniper Networks Products TCP Connection Reset Denial of Service | SECUNIA | secunia.com | Permissions Required, Third Party Advisory, VDB Entry |
| Microsoft Windows Multiple IPv6 Denial of Service Vulnerabilities - Advisories - Secunia | SECUNIA | secunia.com | Permissions Required, Third Party Advisory, VDB Entry |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| Oracle Critical Patch Update - January 2015 | CONFIRM | www.oracle.com | Patch, Third Party Advisory |
| Cisco - Networking, Cloud, and Cybersecurity Solutions | CISCO | www.cisco.com | Broken Link |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| 'Perl code exploting TCP not checking RST ACK.' - MARC | BUGTRAQ | marc.info | |
| 4030 | OSVDB | www.osvdb.org | Broken Link |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | Permissions Required |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| SCOSA-2005.9 | SCO | ftp.sco.com | Third Party Advisory |
| SCOSA-2005.14 | SCO | ftp.sco.com | Third Party Advisory |
| NetBSD-SA2004-006 | NETBSD | ftp.netbsd.org | Third Party Advisory |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| Multiple Vendor TCP Sequence Number Approximation Vulnerability | BID | www.securityfocus.com | Exploit, Third Party Advisory, VDB Entry |
| www.uniras.gov.uk/vuls/2004/236929/index.htm | MISC | www.uniras.gov.uk | Broken Link |
| SecurityFocus | HP | www.securityfocus.com | |
| 20040403-01-A | SGI | patches.sgi.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|---|---|---|
| Red Hat | 2006-08-16 | Mark J Cox | The DHS advisory is a good source of background information about the issue: http://www.us-cert.gov/cas/techalerts/TA04-111A.html It is important to note that the issue described is a known function of TCP. In order to perform a connection reset an attacker would need to know the source and destination ip address and ports as well as being able to guess the sequence number within the window. These requirements seriously reduce the ability to trigger a connection reset on normal TCP connections. The DHS advisory explains that BGP routing is a specific case where being able to trigger a reset is easier than expected as the end points can be easily determined and large window sizes are used. BGP routing is also signficantly affected by having it’s connections terminated. The major BGP peers have recently switched to requiring md5 signatures which mitigates against this attack. The following article from Linux Weekly News also puts the flaw into context and shows why it does not pose a significant threat: http://lwn.net/Articles/81560/ Red Hat does not have any plans for action regarding this issue. |
There are currently no legacy QID mappings associated with this CVE.