FreeBSD Security Advisory FreeBSD-SA-05:15.tcp

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:15.tcp Security Advisory The FreeBSD Project Topic: TCP connection stall denial of service Category: core Module: inet Announced: 2005-06-29 Credits: Noritoshi...

kernel -- TCP connection stall denial of service

Problem Description Two problems have been discovered in the FreeBSD TCP stack. First, when a TCP packets containing a timestamp is received, inadequate checking of sequence numbers is performed, allowing an attacker to artificially increase the internal "recent" timestamp for a connection. Secon...

backupexec_agent.pm.txt

This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework dual GPLv2 and Artistic. The latest version of the...

CVE-2005-0356

Multiple TCP implementations with Protection Against Wrapped Sequence Numbers PAWS with the timestamps option enabled allow remote attackers to cause a denial of service connection loss via a spoofed packet with a large timer value, which causes the host to discard later packets because they appe...

CVE-2005-0065

The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged aka "TCP sequence number checking", which makes it easier for attackers to forge ICMP error messages for specifi...

CVE-2005-1184

The TCP/IP stack in multiple operating systems allows remote attackers to cause a denial of service CPU consumption via a TCP packet with the correct sequence number but the wrong Acknowledgement number, which generates a large number of "keep alive" packets. NOTE: some followups indicate that th...

HP-UX PHNE_25644 : s700_800 11.11 cumulative ARPA Transport patch

s700800 11.11 cumulative ARPA Transport patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running TCP/IP. This vulnerability could be remotely exploited by an unauthorized user to cause a Denial of ServiceDo...

CVE-2005-0065

The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged aka "TCP sequence number checking", which makes it easier for attackers to forge ICMP error messages for specifi...

CVE-2005-0065

CVE-2005-0065 describes a vulnerability in TCP sequence number checking for ICMP error messages, enabling an attacker to forge ICMP messages for existing TCP connections and cause DoS. Connected advisories corroborate that multiple TCP/IP/ICMP implementations are affected and that the issue perta...

Encrypted Messenger char sequence DoS

Strings !! cause application to crash...

CVE-2004-1164

The lock manager in Cisco CNS Network Registrar 6.0 through 6.1.1.3 allows remote attackers to cause a denial of service process crash via a certain "unexpected packet sequence."...

[Full-Disclosure] EEYE: Windows VDM #UD Local Privilege Escalation

Windows VDM UD Local Privilege Escalation Release Date: October 12, 2004 Date Reported: March 18, 2004 Severity: Medium Local Privilege Escalation to Kernel Systems Affected: Windows NT 4.0 Windows 2000 Windows XP SP1 and earlier Windows Server 2003 Description: eEye Digital Security has discover...

CVE-2003-0063

The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the...

CVE-2003-0022

The "screen dump" feature in rxvt 2.7.8 allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence...

CVE-2003-0071

The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop...

CVE-2003-0069

The PuTTY terminal emulator 0.53 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute...

CVE-2003-0066

Removed by vendor...

CVE-2002-1463

Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor Models 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 generate easily predictable initial sequence numbers ISN, which allows remote attackers to spoof connections...

CVE-2003-0068

The Eterm terminal emulator 0.9.1 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker t...

CVE-2003-0022

Removed by vendor...