CVE-2005-0065

The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged (aka "TCP sequence number checking"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged "Destination Unreachable" messages, (2) blind throughput-reduction attacks with forged "Source Quench" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
http://www.securityfocus.com/bid/13124

Configurations

Configuration 1 (hide)

cpe:2.3:a:tcp:tcp:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2005-05-02 04:00

Updated : 2023-12-10 10:28

NVD link : CVE-2005-0065

Mitre link : CVE-2005-0065

CVE.ORG link : CVE-2005-0065

JSON object : View

Products Affected

tcp

tcp

CWE

NVD-CWE-Other

{"id": "CVE-2005-0065", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-05-02T04:00:00.000", "references": [{"url": "http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/13124", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged (aka \"TCP sequence number checking\"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged \"Destination Unreachable\" messages, (2) blind throughput-reduction attacks with forged \"Source Quench\" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities."}], "lastModified": "2008-09-05T20:45:12.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tcp:tcp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2E69CF1-D657-4511-8726-D122211B9002"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}