cvelistv5 - cve-2009-1926

CVE-2009-1926 (GCVE-0-2009-1926)

Vulnerability from cvelistv5

Published

2009-09-08 22:00

Modified

2024-10-17 18:29

Severity ?

CWE

Summary

Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability."

References

URL

Tags

secure@microsoft.com	http://osvdb.org/57797
secure@microsoft.com	http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926
secure@microsoft.com	http://www.securityfocus.com/archive/1/506331/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/bid/36269
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA09-251A.html	US Government Resource
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5965
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/57797
af854a3a-2127-422b-91ae-364da2661108	http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/506331/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/36269
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-251A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5965

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:27:54.788Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:5965",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5965"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926"
          },
          {
            "name": "36269",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36269"
          },
          {
            "name": "57797",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/57797"
          },
          {
            "name": "TA09-251A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"
          },
          {
            "name": "MS09-048",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048"
          },
          {
            "name": "20090909 TCP/IP Orphaned Connections Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/506331/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2009-1926",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-11T16:45:37.416398Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-17T18:29:15.515Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-09-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka \"TCP/IP Orphaned Connections Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:5965",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5965"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926"
        },
        {
          "name": "36269",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36269"
        },
        {
          "name": "57797",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/57797"
        },
        {
          "name": "TA09-251A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"
        },
        {
          "name": "MS09-048",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048"
        },
        {
          "name": "20090909 TCP/IP Orphaned Connections Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/506331/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-1926",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka \"TCP/IP Orphaned Connections Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:5965",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5965"
            },
            {
              "name": "http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926",
              "refsource": "MISC",
              "url": "http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926"
            },
            {
              "name": "36269",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36269"
            },
            {
              "name": "57797",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/57797"
            },
            {
              "name": "TA09-251A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"
            },
            {
              "name": "MS09-048",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048"
            },
            {
              "name": "20090909 TCP/IP Orphaned Connections Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/506331/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-1926",
    "datePublished": "2009-09-08T22:00:00",
    "dateReserved": "2009-06-04T00:00:00",
    "dateUpdated": "2024-10-17T18:29:15.515Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-1926\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2009-09-08T22:30:00.390\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka \\\"TCP/IP Orphaned Connections Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1 y SP2, y Server 2008 Gold y SP2 permiten a los atacantes remotos provocar una denegaci\u00f3n de servicio (interrupci\u00f3n de TCP) por medio de una serie de sesiones TCP que tienen datos pendientes y un tama\u00f1o de ventana de recepci\u00f3n (1) peque\u00f1a o (2) cero y permanecen en el estado FIN-WAIT-1 o FIN-WAIT-2 indefinidamente, tambi\u00e9n se conoce como \\\"TCP/IP Orphaned Connections Vulnerability\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D3B5E4F-56A6-4696-BBB4-19DF3613D020\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"7F6EA111-A4E6-4963-A0C8-F9336C605B6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:*:*:*:*:*\",\"matchCriteriaId\":\"26A548AB-7C40-4CB7-B024-8A2DA947F245\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:-:x64:*:*:*:*:*\",\"matchCriteriaId\":\"5BE99796-BADE-40D1-AD85-03D28A466E5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"7AE15F6C-80F6-43A6-86DA-B92116A697A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*\",\"matchCriteriaId\":\"2C9B0563-D613-497D-8F2E-515E6DA00CA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*\",\"matchCriteriaId\":\"BA99C751-91CB-43D4-93FF-1C12342CAF1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3852BB02-47A1-40B3-8E32-8D8891A53114\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C162FFF0-1E8F-4DCF-A08F-6C6E324ED878\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A0D2704-C058-420B-B368-372D1129E914\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:-:-:x64:*:*:*:*:*\",\"matchCriteriaId\":\"CD560746-0AED-4646-934E-6742888FB6F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A04E39A-623E-45CA-A5FC-25DAA0F275A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF1AD1A1-EE20-4BCE-9EE6-84B27139811C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B339C33-8896-4896-88FF-88E74FDBC543\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:professional:*:*:*:*:*\",\"matchCriteriaId\":\"C29F02ED-85FC-4D22-A6DE-5F9C77ECCD70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE477A73-4EE4-41E9-8694-5A3D5DC88656\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/57797\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/506331/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/36269\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-251A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5965\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://osvdb.org/57797\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/506331/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/36269\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-251A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5965\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5965\", \"name\": \"oval:org.mitre.oval:def:5965\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\", \"x_transferred\"]}, {\"url\": \"http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/36269\", \"name\": \"36269\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"http://osvdb.org/57797\", \"name\": \"57797\", \"tags\": [\"vdb-entry\", \"x_refsource_OSVDB\", \"x_transferred\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-251A.html\", \"name\": \"TA09-251A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\", \"x_transferred\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048\", \"name\": \"MS09-048\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/506331/100/0/threaded\", \"name\": \"20090909 TCP/IP Orphaned Connections Vulnerability\", \"tags\": [\"mailing-list\", \"x_refsource_BUGTRAQ\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-07T05:27:54.788Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2009-1926\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-01-11T16:45:37.416398Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-17T18:29:11.899Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2009-09-08T00:00:00\", \"references\": [{\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5965\", \"name\": \"oval:org.mitre.oval:def:5965\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\"]}, {\"url\": \"http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://www.securityfocus.com/bid/36269\", \"name\": \"36269\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"http://osvdb.org/57797\", \"name\": \"57797\", \"tags\": [\"vdb-entry\", \"x_refsource_OSVDB\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-251A.html\", \"name\": \"TA09-251A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048\", \"name\": \"MS09-048\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/506331/100/0/threaded\", \"name\": \"20090909 TCP/IP Orphaned Connections Vulnerability\", \"tags\": [\"mailing-list\", \"x_refsource_BUGTRAQ\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka \\\"TCP/IP Orphaned Connections Vulnerability.\\\"\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2018-10-12T19:57:01\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5965\", \"name\": \"oval:org.mitre.oval:def:5965\", \"refsource\": \"OVAL\"}, {\"url\": \"http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926\", \"name\": \"http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926\", \"refsource\": \"MISC\"}, {\"url\": \"http://www.securityfocus.com/bid/36269\", \"name\": \"36269\", \"refsource\": \"BID\"}, {\"url\": \"http://osvdb.org/57797\", \"name\": \"57797\", \"refsource\": \"OSVDB\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-251A.html\", \"name\": \"TA09-251A\", \"refsource\": \"CERT\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048\", \"name\": \"MS09-048\", \"refsource\": \"MS\"}, {\"url\": \"http://www.securityfocus.com/archive/1/506331/100/0/threaded\", \"name\": \"20090909 TCP/IP Orphaned Connections Vulnerability\", \"refsource\": \"BUGTRAQ\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka \\\"TCP/IP Orphaned Connections Vulnerability.\\\"\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2009-1926\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"secure@microsoft.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2009-1926\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-17T18:29:15.515Z\", \"dateReserved\": \"2009-06-04T00:00:00\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2009-09-08T22:00:00\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTA-2009-ALE-017

Vulnerability from certfr_alerte

Des vulnérabilités dans la pile TCP/IP de certains produits permettent à une personne malintentionnée distante de provoquer un déni de service.

Description

Plusieurs vulnérabilités dans l'implémentation TCP/IP de certains produits permettent à une personne malintentionnée distante de provoquer un déni de service. Les conséquences, failles et le volume de trafic nécessaire peuvent varier selon les produits.

Microsoft a annoncé ne pas corriger ces failles pour Windows 2000, qui bénéficie officiellement d'un support étendu jusqu'au 13 juillet 2010.

Microsoft n'a également pas publié de correctif pour Windows XP car la configuration par défaut n'est pas affectée (pas d'exception dans le pare-feu intégré).

Contournement provisoire

Les personnes utilisant l'un des systèmes concernés comme poste client peuvent utiliser un dispositif de filtrage à état (stateful) afin de bloquer les connexions entrantes non sollicitées.

Au besoin, les utilisateurs sont invités à lire les bulletins de sécurité des différents éditeurs pour des contournements adaptés aux produits concernés.

Solution

Les vulnérabilités ont été corrigés dans les produits Microsoft (MS09-048), Oracle (CPUJul2012), Redhat (RHBA-2009-1539), Solaris (Sun Alert 267088) et Cisco (cisco-sa-20090908-tcp24). Se rapprocher de l'éditeur pour obtenir un correctif pour les produits non cités.

Microsoft Windows 2000 Service Pack 4 ;
Microsoft Windows XP Service Pack 2 ;
Microsoft Windows XP Service Pack 3 ;
Red Hat Enterprise Linux 3, 4, 5 ;
Red Hat Enterprise MRG ;
Sun Solaris versions 8, 9 et 10.

D'autres produits sont très probablement affectés par ces vulnérabilités.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS09-048 du 08 septembre 2009 :	-	other
Bulletin de sécurité Oracle CPUJul2012 de juillet 2012 :	-	other
Bulletin de sécurité Sun Solaris Alert 267088 du 09 septembre 2009 :	-	other
Bulletin de sécurité Cisco cisco-sa-20090908-tcp24 du 08 septembre 2009 :	-	other
Bulletin de sécurité Microsoft MS09-048 du 08 septembre 2009 :	-	other
Bulletin de sécurité Redhat RHBA-2009-1539 du 02 octobre 2009 :	-	other
Entrée 18730 de la base de connaissances de Red Hat :	-	other
Avis de sécurité du CERT-FI :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eMicrosoft Windows 2000 Service Pack 4 ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Windows XP Service Pack 2 ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Windows XP Service Pack 3 ;\u003c/LI\u003e    \u003cLI\u003eRed Hat Enterprise Linux 3, 4, 5 ;\u003c/LI\u003e    \u003cLI\u003eRed Hat Enterprise MRG ;\u003c/LI\u003e    \u003cLI\u003eSun Solaris versions 8, 9 et 10.\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003eD\u0027autres produits sont tr\u00e8s probablement affect\u00e9s par ces  vuln\u00e9rabilit\u00e9s.\u003c/P\u003e",
  "closed_at": "2013-02-19",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s dans l\u0027impl\u00e9mentation TCP/IP de certains\nproduits permettent \u00e0 une personne malintentionn\u00e9e distante de provoquer\nun d\u00e9ni de service. Les cons\u00e9quences, failles et le volume de trafic\nn\u00e9cessaire peuvent varier selon les produits.\n\nMicrosoft a annonc\u00e9 ne pas corriger ces failles pour Windows 2000, qui\nb\u00e9n\u00e9ficie officiellement d\u0027un support \u00e9tendu jusqu\u0027au 13 juillet 2010.\n\nMicrosoft n\u0027a \u00e9galement pas publi\u00e9 de correctif pour Windows XP car la\nconfiguration par d\u00e9faut n\u0027est pas affect\u00e9e (pas d\u0027exception dans le\npare-feu int\u00e9gr\u00e9).\n\n## Contournement provisoire\n\nLes personnes utilisant l\u0027un des syst\u00e8mes concern\u00e9s comme poste client\npeuvent utiliser un dispositif de filtrage \u00e0 \u00e9tat (stateful) afin de\nbloquer les connexions entrantes non sollicit\u00e9es.\n\nAu besoin, les utilisateurs sont invit\u00e9s \u00e0 lire les bulletins de\ns\u00e9curit\u00e9 des diff\u00e9rents \u00e9diteurs pour des contournements adapt\u00e9s aux\nproduits concern\u00e9s.\n\n## Solution\n\nLes vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9s dans les produits Microsoft\n(MS09-048), Oracle (CPUJul2012), Redhat (RHBA-2009-1539), Solaris (Sun\nAlert 267088) et Cisco (cisco-sa-20090908-tcp24). Se rapprocher de\nl\u0027\u00e9diteur pour obtenir un correctif pour les produits non cit\u00e9s.\n",
  "cves": [
    {
      "name": "CVE-2009-1926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1926"
    },
    {
      "name": "CVE-2008-4609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4609"
    }
  ],
  "initial_release_date": "2009-09-09T00:00:00",
  "last_revision_date": "2013-02-19T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-048 du 08 septembre    2009 :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS09-048.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle CPUJul2012 de juillet 2012 :",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Sun Solaris Alert 267088 du 09    septembre 2009 :",
      "url": "http://download.oracle.com/sunalerts/1020909.1.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20090908-tcp24 du 08    septembre 2009 :",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20090908-tcp24"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-048 du 08 septembre    2009 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS09-048.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Redhat RHBA-2009-1539 du 02 octobre    2009 :",
      "url": "https://rhn.redhat.com/errata/RHBA-2009-1539.html"
    },
    {
      "title": "Entr\u00e9e 18730 de la base de connaissances de Red Hat :",
      "url": "http://kbase.redhat.com/faq/docs/DOC-18730"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 du CERT-FI :",
      "url": "http://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html"
    }
  ],
  "reference": "CERTA-2009-ALE-017",
  "revisions": [
    {
      "description": "modification de l\u0027alerte pour prendre en compte tous les produits ;",
      "revision_date": "2009-09-09T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin de s\u00e9curit\u00e9 Sun Solaris.",
      "revision_date": "2009-09-11T00:00:00.000000"
    },
    {
      "description": "fermeture de l\u0027alerte.",
      "revision_date": "2013-02-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Des vuln\u00e9rabilit\u00e9s dans la pile TCP/IP de certains produits permettent \u00e0\nune personne malintentionn\u00e9e distante de provoquer un d\u00e9ni de service.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans l\u0027impl\u00e9mentation TCP/IP de divers produits",
  "vendor_advisories": []
}

gsd-2009-1926

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2009-1926

Aliases

CVE-2009-1926

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-1926",
    "description": "Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka \"TCP/IP Orphaned Connections Vulnerability.\"",
    "id": "GSD-2009-1926",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-1926.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-1926"
      ],
      "details": "Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka \"TCP/IP Orphaned Connections Vulnerability.\"",
      "id": "GSD-2009-1926",
      "modified": "2023-12-13T01:19:47.525342Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2009-1926",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka \"TCP/IP Orphaned Connections Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "oval:org.mitre.oval:def:5965",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5965"
          },
          {
            "name": "http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926",
            "refsource": "MISC",
            "url": "http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926"
          },
          {
            "name": "36269",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/36269"
          },
          {
            "name": "57797",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/57797"
          },
          {
            "name": "TA09-251A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"
          },
          {
            "name": "MS09-048",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048"
          },
          {
            "name": "20090909 TCP/IP Orphaned Connections Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/506331/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:-:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:-:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-1926"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka \"TCP/IP Orphaned Connections Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "36269",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/36269"
            },
            {
              "name": "57797",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/57797"
            },
            {
              "name": "http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926"
            },
            {
              "name": "TA09-251A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:5965",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5965"
            },
            {
              "name": "20090909 TCP/IP Orphaned Connections Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/506331/100/0/threaded"
            },
            {
              "name": "MS09-048",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-12-07T18:38Z",
      "publishedDate": "2009-09-08T22:30Z"
    }
  }
}

ghsa-69v4-mh7p-68f3

Vulnerability from github

Published

2022-05-02 03:29

Modified

2022-05-02 03:29

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-1926"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-09-08T22:30:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka \"TCP/IP Orphaned Connections Vulnerability.\"",
  "id": "GHSA-69v4-mh7p-68f3",
  "modified": "2022-05-02T03:29:58Z",
  "published": "2022-05-02T03:29:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1926"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5965"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/57797"
    },
    {
      "type": "WEB",
      "url": "http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/506331/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/36269"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2009-AVI-372

Vulnerability from certfr_avis

De multiples vulnérabilités dans l'implémentation de TCP/IP sous Microsoft Windows permettent d'exécuter du code arbitraire ou de réaliser un déni de service à distance.

Description

De multiples vulnérabilités ont été découvertes dans l'implémentation de TCP/IP sous Microsoft Windows :

un déni de service à distance est possible dû à la façon dont Microsoft Windows gère un nombre excessif de connexions TCP. Cette vulnérabilité est amplifiée lorsque la taille de la fenêtre a une valeur proche de 0 (CVE-2008-4609) ;
une exécution de code arbitraire à distance est possible car la pile TCP/IP de Microsoft Windows ne nettoie pas correctement les informations d'état (CVE-2009-1925) ;
un déni de service à distance est possible du fait d'une erreur dans la gestion des paquets ayant une taille de fenêtre proche de 0 (CVE-2009-1926).

Solution

Se référer au bulletin de sécurité Microsoft MS09-048 pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Windows 2003 x64 Edition Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Vista Service Pack 1 ;
Microsoft	Windows	Microsoft Windows Vista x64 Edition Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Vista ;
Microsoft	Windows	Microsoft Windows Server 2008 for x64-based Systems ;
Microsoft	Windows	Microsoft Windows 2003 with SP2 for Itanium-based Systems ;
Microsoft	Windows	Microsoft Windows Vista Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Vista x64 Edition Service Pack 1 ;
Microsoft	Windows	Microsoft Windows Server 2008 for Itanium-based Systems ;
Microsoft	Windows	Microsoft Windows Vista x64 Edition ;
Microsoft	Windows	Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Server 2008 for 32-bit Systems ;
Microsoft	Windows	Microsoft Windows 2003 Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Server 2008 for Itanium-based Systems Service Pack 2.
Microsoft	Windows	Microsoft Windows 2000 Service Pack 4 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS09-048 du 08 septembre 2009	None	vendor-advisory
Bulletin de sécurité Microsoft MS09-048 du 08 septembre 2009 :	-	other
Bulletin de sécurité Microsoft MS09-048 du 08 septembre 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Windows 2003 x64 Edition Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Vista Service Pack 1 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Vista x64 Edition Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Vista ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2008 for x64-based Systems ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 2003 with SP2 for Itanium-based Systems ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Vista Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Vista x64 Edition Service Pack 1 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2008 for Itanium-based Systems ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Vista x64 Edition ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2008 for 32-bit Systems ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 2003 Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2008 for Itanium-based Systems Service Pack 2.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 2000 Service Pack 4 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans l\u0027impl\u00e9mentation de\nTCP/IP sous Microsoft Windows :\n\n-   un d\u00e9ni de service \u00e0 distance est possible d\u00fb \u00e0 la fa\u00e7on dont\n    Microsoft Windows g\u00e8re un nombre excessif de connexions TCP. Cette\n    vuln\u00e9rabilit\u00e9 est amplifi\u00e9e lorsque la taille de la fen\u00eatre a une\n    valeur proche de 0 (CVE-2008-4609) ;\n-   une ex\u00e9cution de code arbitraire \u00e0 distance est possible car la pile\n    TCP/IP de Microsoft Windows ne nettoie pas correctement les\n    informations d\u0027\u00e9tat (CVE-2009-1925) ;\n-   un d\u00e9ni de service \u00e0 distance est possible du fait d\u0027une erreur dans\n    la gestion des paquets ayant une taille de fen\u00eatre proche de 0\n    (CVE-2009-1926).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Microsoft MS09-048 pour l\u0027obtention\ndes correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-1926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1926"
    },
    {
      "name": "CVE-2008-4609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4609"
    },
    {
      "name": "CVE-2009-1925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1925"
    }
  ],
  "initial_release_date": "2009-09-09T00:00:00",
  "last_revision_date": "2009-09-09T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-048 du 08 septembre    2009 :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS09-048.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-048 du 08 septembre    2009 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS09-048.mspx"
    }
  ],
  "reference": "CERTA-2009-AVI-372",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-09-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans l\u0027impl\u00e9mentation de TCP/IP sous \u003cspan\nclass=\"textit\"\u003eMicrosoft Windows\u003c/span\u003e permettent d\u0027ex\u00e9cuter du code\narbitraire ou de r\u00e9aliser un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans TCP/IP sous Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-048 du 08 septembre 2009",
      "url": null
    }
  ]
}

fkie_cve-2009-1926

Vulnerability from fkie_nvd

Published

2009-09-08 22:30

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://osvdb.org/57797
secure@microsoft.com	http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926
secure@microsoft.com	http://www.securityfocus.com/archive/1/506331/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/bid/36269
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA09-251A.html	US Government Resource
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5965
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/57797
af854a3a-2127-422b-91ae-364da2661108	http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/506331/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/36269
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-251A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5965

Impacted products

Vendor	Product	Version
microsoft	windows_2000	-
microsoft	windows_server_2003	*
microsoft	windows_server_2008	*
microsoft	windows_server_2008	-
microsoft	windows_server_2008	-
microsoft	windows_server_2008	-
microsoft	windows_server_2008	-
microsoft	windows_server_2008	-
microsoft	windows_vista	*
microsoft	windows_vista	*
microsoft	windows_vista	*
microsoft	windows_vista	-
microsoft	windows_vista	-
microsoft	windows_vista	-
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	windows_xp	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:*:*:*:*:*",
              "matchCriteriaId": "26A548AB-7C40-4CB7-B024-8A2DA947F245",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:-:x64:*:*:*:*:*",
              "matchCriteriaId": "5BE99796-BADE-40D1-AD85-03D28A466E5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "7AE15F6C-80F6-43A6-86DA-B92116A697A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "2C9B0563-D613-497D-8F2E-515E6DA00CA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*",
              "matchCriteriaId": "BA99C751-91CB-43D4-93FF-1C12342CAF1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:-:-:x64:*:*:*:*:*",
              "matchCriteriaId": "CD560746-0AED-4646-934E-6742888FB6F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3A04E39A-623E-45CA-A5FC-25DAA0F275A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "BF1AD1A1-EE20-4BCE-9EE6-84B27139811C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional:*:*:*:*:*",
              "matchCriteriaId": "C29F02ED-85FC-4D22-A6DE-5F9C77ECCD70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka \"TCP/IP Orphaned Connections Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1 y SP2, y Server 2008 Gold y SP2 permiten a los atacantes remotos provocar una denegaci\u00f3n de servicio (interrupci\u00f3n de TCP) por medio de una serie de sesiones TCP que tienen datos pendientes y un tama\u00f1o de ventana de recepci\u00f3n (1) peque\u00f1a o (2) cero y permanecen en el estado FIN-WAIT-1 o FIN-WAIT-2 indefinidamente, tambi\u00e9n se conoce como \"TCP/IP Orphaned Connections Vulnerability\"."
    }
  ],
  "id": "CVE-2009-1926",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-09-08T22:30:00.390",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://osvdb.org/57797"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/506331/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/36269"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5965"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/57797"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.recurity-labs.com/content/pub/Microsoft_Windows_CVE-2009-1926"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/506331/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/36269"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5965"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2009-1926 (GCVE-0-2009-1926)

Vulnerability from cvelistv5

CERTA-2009-ALE-017

Vulnerability from certfr_alerte

Description

Contournement provisoire

Solution

gsd-2009-1926

Vulnerability from gsd

ghsa-69v4-mh7p-68f3

Vulnerability from github

CERTA-2009-AVI-372

Vulnerability from certfr_avis

Description

Solution

fkie_cve-2009-1926

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature