Vulnerability Details : CVE-2004-0230
Potential exploit
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
Vulnerability category: Denial of service
Products affected by CVE-2004-0230
- cpe:2.3:o:microsoft:windows_2000:-:sp3:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_98:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_98se:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:*:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp1:*:*:*:*:itanium:*
- cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:itanium:*
- cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:itanium:*
- cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:-:*
- cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:network_data_loss_prevention:*:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:network_data_loss_prevention:9.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:network_data_loss_prevention:9.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:network_data_loss_prevention:9.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:11.4x27:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.1r:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.3:r1:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:13.2:r1:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:13.2:r2:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:13.2:r3:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.1x44:d20:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.1x44:d15:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.1x44:d10:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:13.1:r1:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.1x44:d30:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.1x46:d10:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.3:r2:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.3:r4:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:13.1:r2:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.1x44:d35:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.1x44:d25:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.1x46:d15:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.3:r3:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.3:r5:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:13.1:r3:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:13.3:r1:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:11.4:r3:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:11.4:r5:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:11.4:r4:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:11.4:r6:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:11.4:r7:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.2:r1:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:11.4:r2:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.1x45:d15:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.2:r3:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.2:r5:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.1x45:d10:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.2:r7:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:11.4:r1:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.1x45:d20:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.2:r2:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.2:r4:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.2:r6:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.1x44:-:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.1x46:-:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.1x47:-:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.3:-:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:13.1:-:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:13.2:-:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:13.3:-:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:11.4:r8:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:11.4:r10:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:11.4:r9:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:11.4r13:s2:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:11.4:-:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.1:-:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.1x45:-:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.2:-:*:*:*:*:*:*
- cpe:2.3:a:openpgp:openpgp:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:o:xinuos:openserver:5.0.6:*:*:*:*:*:*:*
- cpe:2.3:o:xinuos:openserver:5.0.7:*:*:*:*:*:*:*
- cpe:2.3:o:xinuos:unixware:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:xinuos:unixware:7.1.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-0230
EPSS score: 11.76% (probability of exploitation activity in the next 30 days)
Percentile: ~93% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2004-0230
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
Vendor statements for CVE-2004-0230
- Red Hat, 2006-08-16: The DHS advisory is a good source of background information about the issue: http://www.us-cert.gov/cas/techalerts/TA04-111A.html It is important to note that the issue described is a known function of TCP. In order to perform a connection reset an attacker would need to know the source and destination IP address and ports as well as being able to guess the sequence number within the window. These requirements seriously reduce the ability to trigger a connection reset on normal TCP connections. The DHS advisory explains that BGP routing is a specific case where being able to trigger a reset is easier than expected as the end points can be easily determined and large window sizes are used. BGP routing is also significantly affected by having its connections terminated. The major BGP peers have recently switched to requiring MD5 signatures which mitigates against this attack. The following article from Linux Weekly News also puts the flaw into context and shows why it does not pose a significant threat: http://lwn.net/Articles/81560/ Red Hat does not have any plans for action regarding this issue.
References for CVE-2004-0230
- http://kb.juniper.net/JSA10638
  2014-07 Security Bulletin: Junos: Denial of Service in TCP packet processing (CVE-2004-0230) [Third Party Advisory]
- http://marc.info/?l=bugtraq&m=108302060014745&w=2
  'Perl code exploting TCP not checking RST ACK.' - MARC [Mailing List]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15886
  TCP spoofed reset denial of service CVE-2004-0230 Vulnerability Report [Third Party Advisory]
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-064
  Microsoft Security Bulletin MS06-064 - Important | Microsoft Learn [Third Party Advisory]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A270
  404 Not Found [Broken Link]
- http://www.vupen.com/english/advisories/2006/3983
  Site under construction [Permissions Required; Broken Link]
- ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.14/SCOSA-2005.14.txt
  [Third Party Advisory; Broken Link]
- http://marc.info/?l=bugtraq&m=108506952116653&w=2
  '[security bulletin] SSRT4696 rev. 0 HP ProCurve Routing Switches TCP Denial of Service (DoS)' - MARC [Mailing List]
- http://www.securityfocus.com/archive/1/449179/100/0/threaded
  [Broken Link]
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-006.txt.asc
  [Third Party Advisory; Broken Link]
- https://kc.mcafee.com/corporate/index?page=content&id=SB10053
  [Patch; Third Party Advisory; Broken Link]
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.3/SCOSA-2005.3.txt
  [Third Party Advisory; Broken Link]
- http://www.kb.cert.org/vuls/id/415294
  VU#415294 - The Border Gateway Protocol relies on persistent TCP sessions without specifying authentication requirements [Third Party Advisory; US Government Resource]
- http://secunia.com/advisories/11458
  About Secunia Research | Flexera [Permissions Required; Third Party Advisory; VDB Entry; Broken Link]
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-019
  Microsoft Security Bulletin MS05-019 - Critical | Microsoft Learn [Third Party Advisory]
- http://www.securityfocus.com/bid/10183
  [Exploit; Third Party Advisory; VDB Entry]
- http://secunia.com/advisories/22341
  About Secunia Research | Flexera [Permissions Required; Third Party Advisory; VDB Entry; Broken Link]
- ftp://patches.sgi.com/support/free/security/advisories/20040403-01-A.asc
  [Third Party Advisory; Broken Link]
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
  Oracle Critical Patch Update - January 2015 [Patch; Third Party Advisory]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4791
  404 Not Found [Broken Link]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2689
  404 Not Found [Broken Link]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3508
  404 Not Found [Broken Link]
- http://www.uniras.gov.uk/vuls/2004/236929/index.htm
  [Broken Link]
- http://www.osvdb.org/4030
  404 Not Found [Broken Link]
- http://secunia.com/advisories/11440
  About Secunia Research | Flexera [Permissions Required; Third Party Advisory; VDB Entry; Broken Link]
- http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml
  Cisco: Software, Network, and Cybersecurity Solutions - Cisco [Broken Link]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5711
  404 Not Found [Broken Link]
- http://www.us-cert.gov/cas/techalerts/TA04-111A.html
  Page Not Found | CISA [Third Party Advisory; US Government Resource]
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.9/SCOSA-2005.9.txt
  [Third Party Advisory; Broken Link]