Linux 2.6 Netfilter TCP Option Matching DoS

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote host is prone to a denial of service attack.

Description :

It was possible to crash the remote host by sending a specially
malformed TCP/IP packet with invalid TCP options. Only version 2.6 of
the Linux kernel is known to be affected by this problem. An attacker
may use this flaw to disable this host remotely.

See also :

http://www.securityfocus.com/archive/1/367615/30/0/threaded
http://www.nessus.org/u?9ba1bace

Solution :

Upgrade to Linux 2.6.8 or later.

Risk factor :

Medium / CVSS Base Score : 5.4
(CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 4.7
(CVSS2#E:H/RL:OF/RC:ND)
Public Exploit Available : true

Family: Denial of Service

Nessus Plugin ID: 12296 (linux26_tcpopt_dos.nasl)

Bugtraq ID: 10634

CVE ID: CVE-2004-0626