TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products - Cisco Systems

high Nessus Plugin ID 49038

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

Multiple Cisco products are affected by denial of service (DoS) vulnerabilities that manipulate the state of Transmission Control Protocol (TCP) connections. By manipulating the state of a TCP connection, an attacker could force the TCP connection to remain in a long-lived state, possibly indefinitely. If enough TCP connections are forced into a long-lived or indefinite state, resources on a system under attack may be consumed, preventing new TCP connections from being accepted. In some cases, a system reboot may be necessary to recover normal system operation. To exploit these vulnerabilities, an attacker must be able to complete a TCP three-way handshake with a vulnerable system.
In addition to these vulnerabilities, Cisco Nexus 5000 devices contain a TCP DoS vulnerability that may result in a system crash. This additional vulnerability was found as a result of testing the TCP state manipulation vulnerabilities.
Cisco has released free software updates for download from the Cisco website that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

Solution

Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20090908-tcp24.

See Also

https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html

http://www.nessus.org/u?8112f767

http://www.nessus.org/u?50df1ea3

Plugin Details

Severity: High

ID: 49038

File Name: cisco-sa-20090908-tcp24http.nasl

Version: 1.20

Type: combined

Family: CISCO

Published: 9/1/2010

Updated: 11/15/2018

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: Host/Cisco/IOS/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 9/8/2009

Vulnerability Publication Date: 10/2/2008

Reference Information

CVE: CVE-2008-4609, CVE-2009-0627

BID: 31545, 36303