certfr_avis - certa-2009-avi-372

CERTA-2009-AVI-372

Vulnerability from certfr_avis

De multiples vulnérabilités dans l'implémentation de TCP/IP sous Microsoft Windows permettent d'exécuter du code arbitraire ou de réaliser un déni de service à distance.

Description

De multiples vulnérabilités ont été découvertes dans l'implémentation de TCP/IP sous Microsoft Windows :

un déni de service à distance est possible dû à la façon dont Microsoft Windows gère un nombre excessif de connexions TCP. Cette vulnérabilité est amplifiée lorsque la taille de la fenêtre a une valeur proche de 0 (CVE-2008-4609) ;
une exécution de code arbitraire à distance est possible car la pile TCP/IP de Microsoft Windows ne nettoie pas correctement les informations d'état (CVE-2009-1925) ;
un déni de service à distance est possible du fait d'une erreur dans la gestion des paquets ayant une taille de fenêtre proche de 0 (CVE-2009-1926).

Solution

Se référer au bulletin de sécurité Microsoft MS09-048 pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Windows 2003 x64 Edition Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Vista Service Pack 1 ;
Microsoft	Windows	Microsoft Windows Vista x64 Edition Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Vista ;
Microsoft	Windows	Microsoft Windows Server 2008 for x64-based Systems ;
Microsoft	Windows	Microsoft Windows 2003 with SP2 for Itanium-based Systems ;
Microsoft	Windows	Microsoft Windows Vista Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Vista x64 Edition Service Pack 1 ;
Microsoft	Windows	Microsoft Windows Server 2008 for Itanium-based Systems ;
Microsoft	Windows	Microsoft Windows Vista x64 Edition ;
Microsoft	Windows	Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Server 2008 for 32-bit Systems ;
Microsoft	Windows	Microsoft Windows 2003 Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Server 2008 for Itanium-based Systems Service Pack 2.
Microsoft	Windows	Microsoft Windows 2000 Service Pack 4 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS09-048 du 08 septembre 2009	None	vendor-advisory
Bulletin de sécurité Microsoft MS09-048 du 08 septembre 2009 :	-	other
Bulletin de sécurité Microsoft MS09-048 du 08 septembre 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Windows 2003 x64 Edition Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Vista Service Pack 1 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Vista x64 Edition Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Vista ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2008 for x64-based Systems ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 2003 with SP2 for Itanium-based Systems ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Vista Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Vista x64 Edition Service Pack 1 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2008 for Itanium-based Systems ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Vista x64 Edition ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2008 for 32-bit Systems ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 2003 Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2008 for Itanium-based Systems Service Pack 2.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 2000 Service Pack 4 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans l\u0027impl\u00e9mentation de\nTCP/IP sous Microsoft Windows :\n\n-   un d\u00e9ni de service \u00e0 distance est possible d\u00fb \u00e0 la fa\u00e7on dont\n    Microsoft Windows g\u00e8re un nombre excessif de connexions TCP. Cette\n    vuln\u00e9rabilit\u00e9 est amplifi\u00e9e lorsque la taille de la fen\u00eatre a une\n    valeur proche de 0 (CVE-2008-4609) ;\n-   une ex\u00e9cution de code arbitraire \u00e0 distance est possible car la pile\n    TCP/IP de Microsoft Windows ne nettoie pas correctement les\n    informations d\u0027\u00e9tat (CVE-2009-1925) ;\n-   un d\u00e9ni de service \u00e0 distance est possible du fait d\u0027une erreur dans\n    la gestion des paquets ayant une taille de fen\u00eatre proche de 0\n    (CVE-2009-1926).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Microsoft MS09-048 pour l\u0027obtention\ndes correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-1926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1926"
    },
    {
      "name": "CVE-2008-4609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4609"
    },
    {
      "name": "CVE-2009-1925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1925"
    }
  ],
  "initial_release_date": "2009-09-09T00:00:00",
  "last_revision_date": "2009-09-09T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-048 du 08 septembre    2009 :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS09-048.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-048 du 08 septembre    2009 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS09-048.mspx"
    }
  ],
  "reference": "CERTA-2009-AVI-372",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-09-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans l\u0027impl\u00e9mentation de TCP/IP sous \u003cspan\nclass=\"textit\"\u003eMicrosoft Windows\u003c/span\u003e permettent d\u0027ex\u00e9cuter du code\narbitraire ou de r\u00e9aliser un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans TCP/IP sous Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-048 du 08 septembre 2009",
      "url": null
    }
  ]
}

CVE-2009-1926 (GCVE-0-2009-1926)

Vulnerability from cvelistv5

Published

2009-09-08 22:00

Modified

2024-10-17 18:29

Severity ?

CWE

Summary

Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability."

References

URL

Tags

	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5965	vdb-entry, signature, x_refsource_OVAL
	http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926	x_refsource_MISC
	http://www.securityfocus.com/bid/36269	vdb-entry, x_refsource_BID
	http://osvdb.org/57797	vdb-entry, x_refsource_OSVDB
	http://www.us-cert.gov/cas/techalerts/TA09-251A.html	third-party-advisory, x_refsource_CERT
	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048	vendor-advisory, x_refsource_MS
	http://www.securityfocus.com/archive/1/506331/100/0/threaded	mailing-list, x_refsource_BUGTRAQ

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:27:54.788Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:5965",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5965"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926"
          },
          {
            "name": "36269",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36269"
          },
          {
            "name": "57797",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/57797"
          },
          {
            "name": "TA09-251A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"
          },
          {
            "name": "MS09-048",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048"
          },
          {
            "name": "20090909 TCP/IP Orphaned Connections Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/506331/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2009-1926",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-11T16:45:37.416398Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-17T18:29:15.515Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-09-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka \"TCP/IP Orphaned Connections Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:5965",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5965"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926"
        },
        {
          "name": "36269",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36269"
        },
        {
          "name": "57797",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/57797"
        },
        {
          "name": "TA09-251A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"
        },
        {
          "name": "MS09-048",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048"
        },
        {
          "name": "20090909 TCP/IP Orphaned Connections Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/506331/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-1926",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka \"TCP/IP Orphaned Connections Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:5965",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5965"
            },
            {
              "name": "http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926",
              "refsource": "MISC",
              "url": "http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926"
            },
            {
              "name": "36269",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36269"
            },
            {
              "name": "57797",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/57797"
            },
            {
              "name": "TA09-251A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"
            },
            {
              "name": "MS09-048",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048"
            },
            {
              "name": "20090909 TCP/IP Orphaned Connections Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/506331/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-1926",
    "datePublished": "2009-09-08T22:00:00",
    "dateReserved": "2009-06-04T00:00:00",
    "dateUpdated": "2024-10-17T18:29:15.515Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-1925 (GCVE-0-2009-1925)

Vulnerability from cvelistv5

Published

2009-09-08 22:00

Modified

2024-08-07 05:27

Severity ?

CWE

Summary

The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka "TCP/IP Timestamps Code Execution Vulnerability."

References

URL

Tags

	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6374	vdb-entry, signature, x_refsource_OVAL
	http://www.us-cert.gov/cas/techalerts/TA09-251A.html	third-party-advisory, x_refsource_CERT
	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048	vendor-advisory, x_refsource_MS

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:27:54.873Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:6374",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6374"
          },
          {
            "name": "TA09-251A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"
          },
          {
            "name": "MS09-048",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-09-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka \"TCP/IP Timestamps Code Execution Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:6374",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6374"
        },
        {
          "name": "TA09-251A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"
        },
        {
          "name": "MS09-048",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-1925",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka \"TCP/IP Timestamps Code Execution Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:6374",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6374"
            },
            {
              "name": "TA09-251A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"
            },
            {
              "name": "MS09-048",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-1925",
    "datePublished": "2009-09-08T22:00:00",
    "dateReserved": "2009-06-04T00:00:00",
    "dateUpdated": "2024-08-07T05:27:54.873Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-4609 (GCVE-0-2008-4609)

Vulnerability from cvelistv5

Published

2008-10-20 17:00

Modified

2024-08-07 10:24

Severity ?

CWE

Summary

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.

References

URL

Tags

	http://blog.robertlee.name/2008/10/conjecture-speculation.html	x_refsource_MISC
	https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html	x_refsource_MISC
	http://marc.info/?l=bugtraq&m=125856010926699&w=2	vendor-advisory, x_refsource_HP
	http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html	mailing-list, x_refsource_MLIST
	http://insecure.org/stf/tcp-dos-attack-explained.html	x_refsource_MISC
	http://www.outpost24.com/news/news-2008-10-02.html	x_refsource_MISC
	http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf	x_refsource_MISC
	http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml	vendor-advisory, x_refsource_CISCO
	http://www.us-cert.gov/cas/techalerts/TA09-251A.html	third-party-advisory, x_refsource_CERT
	http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html	x_refsource_CONFIRM
	http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html	vendor-advisory, x_refsource_CISCO
	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048	vendor-advisory, x_refsource_MS
	http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked	x_refsource_MISC
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6340	vdb-entry, signature, x_refsource_OVAL
	http://www.mandriva.com/security/advisories?name=MDVSA-2013:150	vendor-advisory, x_refsource_MANDRIVA
	http://marc.info/?l=bugtraq&m=125856010926699&w=2	vendor-advisory, x_refsource_HP

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:24:20.677Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.robertlee.name/2008/10/conjecture-speculation.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html"
          },
          {
            "name": "HPSBMI02473",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=125856010926699\u0026w=2"
          },
          {
            "name": "[dailydave] 20081002 TCP Resource Exhaustion DoS Attack Speculation",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://insecure.org/stf/tcp-dos-attack-explained.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.outpost24.com/news/news-2008-10-02.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf"
          },
          {
            "name": "20090908 TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml"
          },
          {
            "name": "TA09-251A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
          },
          {
            "name": "20081017 Cisco Response to Outpost24 TCP State Table Manipulation Denial of Service Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html"
          },
          {
            "name": "MS09-048",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked"
          },
          {
            "name": "oval:org.mitre.oval:def:6340",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6340"
          },
          {
            "name": "MDVSA-2013:150",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
          },
          {
            "name": "SSRT080138",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=125856010926699\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-10-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.robertlee.name/2008/10/conjecture-speculation.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html"
        },
        {
          "name": "HPSBMI02473",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=125856010926699\u0026w=2"
        },
        {
          "name": "[dailydave] 20081002 TCP Resource Exhaustion DoS Attack Speculation",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://insecure.org/stf/tcp-dos-attack-explained.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.outpost24.com/news/news-2008-10-02.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf"
        },
        {
          "name": "20090908 TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml"
        },
        {
          "name": "TA09-251A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
        },
        {
          "name": "20081017 Cisco Response to Outpost24 TCP State Table Manipulation Denial of Service Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html"
        },
        {
          "name": "MS09-048",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked"
        },
        {
          "name": "oval:org.mitre.oval:def:6340",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6340"
        },
        {
          "name": "MDVSA-2013:150",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
        },
        {
          "name": "SSRT080138",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=125856010926699\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-4609",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://blog.robertlee.name/2008/10/conjecture-speculation.html",
              "refsource": "MISC",
              "url": "http://blog.robertlee.name/2008/10/conjecture-speculation.html"
            },
            {
              "name": "https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html",
              "refsource": "MISC",
              "url": "https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html"
            },
            {
              "name": "HPSBMI02473",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=125856010926699\u0026w=2"
            },
            {
              "name": "[dailydave] 20081002 TCP Resource Exhaustion DoS Attack Speculation",
              "refsource": "MLIST",
              "url": "http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html"
            },
            {
              "name": "http://insecure.org/stf/tcp-dos-attack-explained.html",
              "refsource": "MISC",
              "url": "http://insecure.org/stf/tcp-dos-attack-explained.html"
            },
            {
              "name": "http://www.outpost24.com/news/news-2008-10-02.html",
              "refsource": "MISC",
              "url": "http://www.outpost24.com/news/news-2008-10-02.html"
            },
            {
              "name": "http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf",
              "refsource": "MISC",
              "url": "http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf"
            },
            {
              "name": "20090908 TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml"
            },
            {
              "name": "TA09-251A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
            },
            {
              "name": "20081017 Cisco Response to Outpost24 TCP State Table Manipulation Denial of Service Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html"
            },
            {
              "name": "MS09-048",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048"
            },
            {
              "name": "http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked",
              "refsource": "MISC",
              "url": "http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked"
            },
            {
              "name": "oval:org.mitre.oval:def:6340",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6340"
            },
            {
              "name": "MDVSA-2013:150",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
            },
            {
              "name": "SSRT080138",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=125856010926699\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-4609",
    "datePublished": "2008-10-20T17:00:00",
    "dateReserved": "2008-10-20T00:00:00",
    "dateUpdated": "2024-08-07T10:24:20.677Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CERTA-2009-AVI-372

Vulnerability from certfr_avis

Description

Solution

CVE-2009-1926 (GCVE-0-2009-1926)

Vulnerability from cvelistv5

CVE-2009-1925 (GCVE-0-2009-1925)

Vulnerability from cvelistv5

CVE-2008-4609 (GCVE-0-2008-4609)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature