TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products - Cisco Systems

High Nessus Plugin ID 49038

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

Multiple Cisco products are affected by denial of service (DoS) vulnerabilities that allow an attacker to manipulate the state of Transmission Control Protocol (TCP) connections. By manipulating the state of a TCP connection, an attacker could force the connection to remain in a long-lived state, possibly indefinitely. If enough TCP connections are forced into a long-lived or indefinite state, resources on the system under attack may be consumed, preventing new TCP connections from being accepted. In some cases, a system reboot may be necessary to recover normal system operation. To exploit these vulnerabilities, an attacker must be able to complete a TCP three-way handshake with a vulnerable system.

In addition to these vulnerabilities, Cisco Nexus 5000 devices contain a TCP DoS vulnerability that may result in a system crash. This additional vulnerability was found as a result of testing the TCP state manipulation vulnerabilities.

Cisco has released free software updates for download from the Cisco website that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

Solution

Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20090908-tcp24.

See Also

https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html

http://www.nessus.org/u?8112f767

http://www.nessus.org/u?50df1ea3

Plugin Details

Severity: High

ID: 49038

File Name: cisco-sa-20090908-tcp24http.nasl

Version: 1.20

Type: combined

Family: CISCO

Published: 2010/09/01

Updated: 2018/11/15

Dependencies: 47864

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: Host/Cisco/IOS/Version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2009/09/08

Vulnerability Publication Date: 2008/10/02

Reference Information

CVE: CVE-2008-4609, CVE-2009-0627

BID: 31545, 36303