Computer Security

Search:Vulnerability:21.05.2004
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



OpenBSD kernel information leak
Published:21.05.2004
Source:SECURITEAM
SecurityVulns ID:3704
Type:local
Level:5/10
Description:It's possible to read chunks from kernel memory via procfs.
Affected:OPENBSD : OpenBSD 3.5
Original documentdocumentSECURITEAM, [UNIX] OpenBSD Procfs Memory Disclosure Vulnerability (21.05.2004)
Discuss:Read or add your comments to this news (0 comments)

TCP RST packets spoofing
updated since 21.04.2004
Published:21.05.2004
Source:CERT
SecurityVulns ID:3628
Type:remote
Level:7/10
Description:By sending spoofed RST it's possible to terminate established TCP connection. unlike TPC hijacking attacks there is no need for exact TCP sequence number, and number can be any number from handshaked TCP window. It significantly increases attack efficiency. In NetBSD sequence number for RST is not checked at all, it makes it possible to terminate session with single packet.
Affected:CISCO : IOS 12.0
 CISCO : IOS 11.2
 CHECKPOINT : Firewall-1 NG
 CISCO : IOS 12.3
 CISCO : Catalist 1200
 CISCO : Catalist 2800
 CISCO : Catalist 3000
 CISCO : Catalist 4000
 CISCO : Catalist 6000
 CISCO : Cisco WS-6624
 CISCO : Cisco Aironet 350
 CISCO : Cisco ONS 15327
 CISCO : Cisco ONS 15454SDH
 INTERNICHE : NicheStack 2.0
 CISCO : PIX 6.2
 CISCO : PIX 6.3
 ISS : Proventia G
 ISS : Proventia M
 CISCO : Catalist 1900
 CISCO : Catalist 2900
 CISCO : Catalist 3900
 CISCO : Catalist 5000
 CISCO : Cisco MDS 9000
 CISCO : Cisco Aironet 340
 CISCO : Cisco Aironet 1200
 CISCO : Cisco ONS 15454
 CISCO : Cisco ONS 15600
 INTERNICHE : NicheLite 2.0
 NETBSD : NetBSD 2.0
 HP : ProCurve 9315M
 HP : ProCurve 9308M
 HP : ProCurve 9304M
 CHECKPOINT : Firewall-1 4.1
 CISCO : IOS 11.1
 CISCO : IOS 12.1
 CHECKPOINT : VPN-1 4.1
 NETBSD : NetBSD 1.5
 CISCO : IOS 11.3
 CISCO : IOS 12.2
 NETBSD : NetBSD 1.6
 CISCO : PIX 6.1
Original documentdocumentHP, [security bulletin] SSRT4696 rev. 0 HP ProCurve Routing Switches TCP Denial of Service (DoS) (21.05.2004)
 documentNETBSD, NetBSD Security Advisory 2004-006: TCP protocol and implementation vulnerability (22.04.2004)
 documentCISCO, Cisco Security Advisory: TCP Vulnerabilities in Multiple Non-IOS-Based Cisco Products (21.04.2004)
 documentCISCO, Cisco Security Advisory: TCP Vulnerabilities in Multiple IOS Based Cisco Products (21.04.2004)
 documentCERT, US-CERT Technical Cyber Security Alert TA04-111A -- Vulnerabilities in TCP (21.04.2004)
Files:TCP Reset Spoofing Generic Exploits
 Transmission Control Protocol security considerations
 NISCC Vulnerability Advisory 236929 Vulnerability Issues in TCP
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru