Linux 2.6 Netfilter TCP Option Matching DoS

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote host is prone to a denial of service attack.

Description :

It was possible to crash the remote host by sending a specially
malformed TCP/IP packet with invalid TCP options. Only version 2.6 of
the Linux kernel is known to be affected by this problem. An attacker
may use this flaw to disable this host remotely.

See also :

http://www.securityfocus.com/archive/1/367615/30/0/threaded
http://www.nessus.org/u?9ba1bace

Solution :

Upgrade to Linux 2.6.8 or later.

Risk factor :

Medium / CVSS Base Score : 5.4
(CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 4.7
(CVSS2#E:H/RL:OF/RC:ND)
Public Exploit Available : true

Family: Denial of Service

Nessus Plugin ID: 12296 (linux26_tcpopt_dos.nasl)

Bugtraq ID: 10634

CVE ID: CVE-2004-0626

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial