Multiple Vendor ICMP Implementation Spoofed Source Quench Packet DoS

2005-04-16T21:31:19
ID OSVDB:15618
Type osvdb
Reporter Fernando Gont(fernando@gont.com.ar)
Modified 2005-04-16T21:31:19

Description

Vulnerability Description

Multiple ICMP implementations contains a flaw that may allow a remote denial of service. The issue is triggered due to the handling of ICMP error messages. By sending a specially crafted ICMP Source Quench packet, a remote attacker could arbitrary reduce the throughput of a TCP connection resulting in a loss of availability.

Solution Description

Contact your vendor for an appropriate upgrade. An upgrade is required as there are no known workarounds.

Short Description

Multiple ICMP implementations contains a flaw that may allow a remote denial of service. The issue is triggered due to the handling of ICMP error messages. By sending a specially crafted ICMP Source Quench packet, a remote attacker could arbitrary reduce the throughput of a TCP connection resulting in a loss of availability.

References:

Vendor URL: https://www.watchguard.com/ Vendor URL: http://www.netapp.com/ Vendor URL: http://www.redback.com/ Vendor URL: https://www.juniper.net/ Vendor URL: http://www.windriver.com/ Vendor URL: http://www.ibm.com/us/ Vendor URL: http://www.sco.com/ Vendor URL: http://www.sun.com/ Vendor URL: http://www.openbsd.org/ Vendor URL: http://www.cisco.com/ Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Snort Signature ID: 477 Snort Signature ID: 448 Security Tracker: 1013706 Security Tracker: 1013696 Security Tracker: 1013698 Security Tracker: 1013871 Secunia Advisory ID:14928 Secunia Advisory ID:14950 Secunia Advisory ID:15761 Secunia Advisory ID:16701 Secunia Advisory ID:14945 Secunia Advisory ID:18317 Other Advisory URL: http://www.watersprings.org/pub/id/draft-gont-tcpm-icmp-attacks-03.txt Other Advisory URL: http://www.niscc.gov.uk/niscc/docs/al-20050412-00308.html Other Advisory URL: http://www.ietf.org/internet-drafts/draft-gont-tcpm-icmp-attacks-03.txt Other Advisory URL: http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html Other Advisory URL: http://www.uniras.gov.uk/niscc/docs/al-20050412-00308.html?lang=en Keyword: aka the "Path MTU discovery attack" Keyword: aka the "blind connection-reset attack" Keyword: aka the "ICMP Source Quench attack" ISS X-Force ID: 17429 CVE-2004-0791 CERT VU: 222750 Bugtraq ID: 13124