Linux 2.6 Netfilter TCP Option Matching DoS

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote host is prone to a denial of service attack.

Description :

It was possible to crash the remote host by sending a specially
malformed TCP/IP packet with invalid TCP options. Only version 2.6 of
the Linux kernel is known to be affected by this problem. An attacker
may use this flaw to disable this host remotely.

See also :

http://www.securityfocus.com/archive/1/367615/30/0/threaded
http://www.nessus.org/u?9ba1bace

Solution :

Upgrade to Linux 2.6.8 or later.

Risk factor :

Medium / CVSS Base Score : 5.4
(CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 4.7
(CVSS2#E:H/RL:OF/RC:ND)
Public Exploit Available : true

Family: Denial of Service

Nessus Plugin ID: 12296 (linux26_tcpopt_dos.nasl)

Bugtraq ID: 10634

CVE ID: CVE-2004-0626

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now