Multiple vendor TCP/IP implementations ICMP Source Quench packet denial of service (TcpIpSourceQuenchDos)

Vuln ID: 17429
Risk Level: Medium risk vulnerability  Medium TcpIpSourceQuenchDos
Platforms: Compaq Tru64: 4.0f, Compaq Tru64: 4.0g, Compaq Tru64: 5.1a, Cisco IP Phone 7960, RedHat Enterprise Linux: 2.1 AS, RedHat Enterprise Linux: 2.1 ES, RedHat Enterprise Linux: 2.1 WS, HP HP-UX: B.11.00, HP HP-UX: B.11.11, RedHat Enterprise Linux: 3 WS, RedHat Enterprise Linux: 3 ES, RedHat Enterprise Linux: 3 AS, Wind River VxWorks, NetAPP Data ONTAP: 6.0, RedHat Enterprise Linux: 3 Desktop, HP HP-UX: B.11.23, HP HP-UX: B.11.22, Compaq Tru64: 5.1b2, HP HP-UX: B.11.04, Cisco IP Phone 7940, Cisco Catalyst 6608, Cisco Catalyst 6624, Cisco IOS XR, WatchGuard WatchGuard Firebox, Compaq Tru64: 5.1b3, Juniper JUNOS, RedHat Linux Advanced Workstation: 2.1 Itanium
Description:

Multiple vendor TCP/IP implementations are vulnerable to a denial of service attack. An ICMP Type 4 (Source Quench) packet is a message to the sending host to slow down the sending of data because it cannot keep up. Many implementations fail to validate whether the sequence number in the TCP header of an ICMP packet is within an acceptable range. By sending a specially-crafted ICMP Source Quench packet, a remote attacker could slow traffic between two hosts.

Remedy:

For Cisco:
Refer to cisco-sa-20050412-icmp for patch, upgrade, or suggested workaround. See References.

For Data ONTAP:
Apply the 138865 patch for this vulnerability, available from the NetApp Web site. See References.

For HP-UX:
Apply the appropriate patch for your system, as listed in Hewlett-Packard Company Security Bulletin SSRT4884.

Hewlett-Packard customers can obtain a fix for this vulnerability from the IT Resource Center at the Hewlett-Packard Company Web site. See References.

For HP-UX:
Apply the appropriate patch for your system, as listed in Hewlett-Packard Company Security Bulletin SSRT4743.

Hewlett-Packard customers can obtain a fix for this vulnerability from the IT Resource Center at the Hewlett-Packard Company Web site. See References.

For Red Hat Linux:
Refer to RHSA-2005:043-13, RHSA-2005:016-13, or RHSA-2005:017-14 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

False Negatives:
Required Permission:
Additional Information:

References:

NISCC Vulnerability Advisory 532967
Vulnerability Issues in ICMP packets with TCP payloads
http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en

cisco-sa-20050412-icmp
Crafted ICMP Messages Can Cause Denial of Service
http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml

SA14904
Cisco Various Products ICMP Message Handling Denial of Service
http://secunia.com/advisories/14904/

CERT Vulnerability Note VU#222750
Network Appliance Information for VU#222750
http://www.kb.cert.org/vuls/id/JGEI-69DM7V

NetApp Web site
NetApp On the Web
http://now.netapp.com/

Sa14950
Juniper Networks JUNOS ICMP Message Handling Denial of Service
http://secunia.com/advisories/14950/

SA14937
Network Appliance Data ONTAP ICMP Message Handling Denial of Service
http://secunia.com/advisories/14937/

SecurityTracker Alert ID: 1013696
VxWorks ICMP Processing Errors Let Remote Users Deny Service
http://www.securitytracker.com/alerts/2005/Apr/1013696.html

Internet-Draft of ICMP attacks
ICMP attacks against TCP draft-gont-tcpm-icmp-attacks-03.txt
https://datatracker.ietf.org/public/idindex.cgi?command=id_detail&id=12183

SecurityTracker Alert ID: 1013698
WatchGuard Firebox ICMP Processing Errors Let Remote Users Deny Service
http://www.securitytracker.com/alerts/2005/Apr/1013698.html

CIAC INFORMATION BULLETIN P-181
Cisco Products Vulnerable to DoS via Crafted ICMP Messages
http://www.ciac.org/ciac/bulletins/p-181.shtml

BugTraq Mailing List, Thu May 26 2005 - 12:08:50 CDT
[security bulletin] SSRT4884 rev.0 - HP-UX TCP/IP Remote Denial of Service (DoS)
http://archives.neohapsis.com/archives/bugtraq/2005-05/0301.html

Hewlett-Packard Company Web site
IT Resource Center - login / register
http://www1.itrc.hp.com/service/cki/secBullArchive.do?admint=-682735245+1116276188578+28353475

SecurityTracker Alert ID: 1014505
HP Tru64 TCP/IP ISN and ICMP Processing Flaws Let Remote Users Deny Service
http://www.securitytracker.com/alerts/2005/Jul/1014505.html

SA16126
Blue Coat Products ICMP Message Handling Denial of Service
http://secunia.com/advisories/16126/

RHSA-2005:043-13
kernel security update
https://rhn.redhat.com/errata/RHSA-2005-043.html

RHSA-2005:016-13
kernel security update
https://rhn.redhat.com/errata/RHSA-2005-016.html

RHSA-2005:017-14
kernel security update
https://rhn.redhat.com/errata/RHSA-2005-017.html

ISS X-Force
Multiple vendor TCP/IP implementations ICMP Source Quench packet denial of service
http://www.iss.net/security_center/static/17429.php

CVE CVE-2004-0791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0791


X-Force Logo
Know Your Risks
Mitre.org CVE Logo
Common Vulnerabilties & Exposures