Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3774

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-3774
Last Modified 07 Mar 2011 09:27:09
Published 22 Nov 2005 07:03:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3774

Summary

Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) one byte of "meaningless data," or (3) a TTL that is one less than needed to reach the internal destination.

Vulnerable Systems


References

CERT-VN - VU#853540

XF - cisco-pix-ttl-dos(25079)

XF - cisco-pix-tcp-data-field-dos(25077)

VUPEN - ADV-2005-2546

BID - 15525

BUGTRAQ - 20060307 RE: Cisco PIX embryonic state machine 1b data DoS

BUGTRAQ - 20060307 Cisco PIX embryonic state machine TTL(n-1) DoS

BUGTRAQ - 20060307 Cisco PIX embryonic state machine 1b data DoS

BUGTRAQ - 20051122 Cisco PIX TCP Connection Prevention

OSVDB - 24140

CISCO - 20051128 Response to Cisco PIX TCP Connection Prevention

CONFIRM - http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_security_notice09186a0080624a37.html

SECTRACK - 1015256

SECUNIA - 17670


Last Updated: 27 May 2016 10:41:02