TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products - Cisco Systems

This script is (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Multiple Cisco products are affected by denial of service (DoS)
vulnerabilities that manipulate the state of Transmission Control
Protocol (TCP) connections. By manipulating the state of a TCP
connection, an attacker could force the TCP connection to remain in a
long-lived state, possibly indefinitely. If enough TCP connections are
forced into a long-lived or indefinite state, resources on a system
under attack may be consumed, preventing new TCP connections from being
accepted. In some cases, a system reboot may be necessary to recover
normal system operation. To exploit these vulnerabilities, an attacker
must be able to complete a TCP three-way handshake with a vulnerable
system.

In addition to these vulnerabilities, Cisco Nexus 5000 devices contain
a TCP DoS vulnerability that may result in a system crash. This
additional vulnerability was found as a result of testing the TCP state
manipulation vulnerabilities.

Cisco has released free software updates for download from the Cisco
website that address these vulnerabilities. Workarounds that mitigate
these vulnerabilities are available.

See also :

https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html
http://www.nessus.org/u?c44442a0
http://www.nessus.org/u?12cf8d1c

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20090908-tcp24.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 49038 (cisco-sa-20090908-tcp24http.nasl)

Bugtraq ID: 31545, 36303

CVE ID: CVE-2008-4609, CVE-2009-0627