|
| TC: | 12021 | |
| Description: | This test identifies OpenBSD 2.4 or earlier. It has been demonstrated that this OS can be crashed remotely using malformed packets that start an internal kernel race condition. | |
| TC Impact: | Gather Info | |
| Service: | telnet |
| Vulnerability Publication: | February 1999 | |
| Advisory Copyright: | N.A. | |
| Summary: | The TCP/IP stack of this system has a flaw that may lead to a system crash via malformed packets. | |
| Risk: | Low | |
| CVSS 2.0 metrics: | Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial | |
| CVSS 2.0 Base Score: | 2.6 |
| Vulnerability Impact: |
Crash |
|---|
| Host Impact: | An attacker could crash the system. | |
| Nature of Remediation: | Obtain patches. |
| Step required to fix the reported vulnerability: | |
***** Solution type: Upgrade Software ***** Get latest OpenBSD kernel. Patches for 2.4 also exist. |
| References: | ||
| * OPENBSD: Feb19,1999 http://www.openbsd.org/errata24.html#ipqrace * XF: openbsd-ipintr-race http://xforce.iss.net/xforce/xfdb/1829 * OSVDB: 7558 http://www.osvdb.org/7558 |
| CVE Link: |
CVE-1999-0485 |
 |
|---|
| Glossary: |
Crash Denial of Service Race Condition |
|---|