1. CVE-Search
  2. CVE-1999-0305
ID CVE-1999-0305
Summary The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are set, which allows remote attackers to spoof TCP connections.
References
Vulnerable Configurations
  • cpe:2.3:o:bsdi:bsd_os:*:*:*:*:*:*:*:*
    cpe:2.3:o:bsdi:bsd_os:*:*:*:*:*:*:*:*
  • cpe:2.3:o:freebsd:freebsd:2.2:*:*:*:*:*:*:*
    cpe:2.3:o:freebsd:freebsd:2.2:*:*:*:*:*:*:*
  • cpe:2.3:o:freebsd:freebsd:2.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:freebsd:freebsd:2.2.5:*:*:*:*:*:*:*
  • cpe:2.3:o:openbsd:openbsd:2.0:*:*:*:*:*:*:*
    cpe:2.3:o:openbsd:openbsd:2.0:*:*:*:*:*:*:*
  • cpe:2.3:o:openbsd:openbsd:2.1:*:*:*:*:*:*:*
    cpe:2.3:o:openbsd:openbsd:2.1:*:*:*:*:*:*:*
  • cpe:2.3:o:openbsd:openbsd:2.2:*:*:*:*:*:*:*
    cpe:2.3:o:openbsd:openbsd:2.2:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 03-05-2018 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
misc http://www.openbsd.org/advisories/sourceroute.txt
openbsd Feb15,1998 "IP Source Routing Problem"
osvdb 11502
xf bsd-sourceroute(736)
Last major update 03-05-2018 - 01:29
Published 01-02-1998 - 05:00
Last modified 03-05-2018 - 01:29
Back to Top