Lucene search

[email protected]CVE-2004-0257

HistoryNov 23, 2004 - 5:00 a.m.

CVE-2004-0257

2004-11-2305:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-0257

openbsd

netbsd

denial of service

crash

ipv6

mtu

tcp connect

7.5 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.023 Low

EPSS

Percentile

89.6%

JSON

OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a denial of service (crash) by sending an IPv6 packet with a small MTU to a listening port and then issuing a TCP connect to that port.

CPENameOperatorVersion
netbsd:netbsdnetbsdeq1.6
openbsd:openbsdopenbsdeq3.1
openbsd:openbsdopenbsdeq3.3
netbsd:netbsdnetbsdeq1.6.1
openbsd:openbsdopenbsdeq3.2
openbsd:openbsdopenbsdeq3.0
openbsd:openbsdopenbsdeq3.4

CPE	Name	Operator	Version
netbsd:netbsd	netbsd	eq	1.6
openbsd:openbsd	openbsd	eq	3.1
openbsd:openbsd	openbsd	eq	3.3
netbsd:netbsd	netbsd	eq	1.6.1
openbsd:openbsd	openbsd	eq	3.2
openbsd:openbsd	openbsd	eq	3.0
openbsd:openbsd	openbsd	eq	3.4

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-002.txt.asc

lists.grok.org.uk/pipermail/full-disclosure/2004-February/016704.html

marc.info/?l=bugtraq&m=107604603226564&w=2

www.guninski.com/obsdmtu.html

www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet6/ip6_output.c

www.osvdb.org/3825

www.securityfocus.com/bid/9577

exchange.xforce.ibmcloud.com/vulnerabilities/15044

7.5 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.023 Low

EPSS

Percentile

89.6%

JSON