Multiple TCP implementations: different security vulnerabilities (updated since 09.09.2009)

Published: 18.11.2009
Source: CVE
SecurityVulns ID: 10211
Type: remote
Level: 9/10
Description: Multiple security vulnerabilities in different operating systems, caused by resource exhaustion in maintaining the TCP state table.

Affected:
  MICROSOFT : Windows 2000 Server
  MICROSOFT : Windows 2000 Professional
  CISCO : IOS 12.0
  CISCO : IOS 12.1
  CISCO : IOS 12.2
  MICROSOFT : Windows XP
  MICROSOFT : Windows 2003 Server
  CISCO : IOS 12.3
  CISCO : IOS 12.4
  CISCO : PIX 7.0
  CISCO : PIX 7.1
  MICROSOFT : Windows Vista
  CISCO : PIX 7.2
  CISCO : CatOS 7.6
  MICROSOFT : Windows 2008 Server
  CISCO : PIX 8.0
  CISCO : PIX 8.1
  CISCO : IOS XE 2.1
  CISCO : IOS XE 2.2
  CISCO : CatOS 8.7
  CISCO : Cisco Nexus 5000
  CISCO : Cisco Nexus 7000

CVE:
  CVE-2009-1926 (Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability.")

  CVE-2009-1925 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka "TCP/IP Timestamps Code Execution Vulnerability.")

  CVE-2008-4609 (The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.)