Vulnerability Description
The original design of TCP does not require that port numbers be assigned randomly (aka "Port randomization"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged "Destination Unreachable" messages, (2) blind throughput-reduction attacks with forged "Source Quench" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tcp | Tcp | All versions |
References
- http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.htmlVendor Advisory
- http://www.securityfocus.com/bid/13124
- http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.htmlVendor Advisory
- http://www.securityfocus.com/bid/13124
FAQ
What is CVE-2005-0067?
CVE-2005-0067 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The original design of TCP does not require that port numbers be assigned randomly (aka "Port randomization"), which makes it easier for attackers to forge ICMP error messages for specific TCP connect...
How severe is CVE-2005-0067?
CVE-2005-0067 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0067?
Check the references section above for vendor advisories and patch information. Affected products include: Tcp Tcp.