CVE-2004-1060 - CVE Reference - Advisories

Software Inspectors

	Scan Online

	Personal (PSI)

	Network (NSI 2.0)

Solutions For

	Security Professionals

	Security Vendors

Free Solutions For

	Open Communities

	Journalists & Media

Secunia Advisories

	Search

	Historic Advisories

	Listed By Product

	Listed By Vendor

	Statistics / Graphs

	Secunia Research

	Report Vulnerability

	About Advisories

Virus Information

	Chronological List

	Last 10 Virus Alerts

	About Virus Information

Secunia Customers

	Customer Area

CVE Reference: CVE-2004-1060

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2004-1060

Description: Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.

CVE Status: Candidate

References: SREASON http://securityreason.com/securityalert/19 http://securityreason.com/securityalert/57 SCO SAID Secunia Advisory: SA18317 OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:651 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:405 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:196 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:780 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:181 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3826 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2188 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:899 MS http://www.microsoft.com/technet/security/bulletin/ms05-019.mspx MISC http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html http://www.uniras.gov.uk/niscc/docs/al-20050412-00308.html?lang=en HP http://www.securityfocus.com/archive/1/archive/1/418882/100/0/threaded http://marc.theaimsgroup.com/?l=bugtraq&m=112861397904255&w=2 CISCO http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml BID 13124

Return to the previous page.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	WMNews Cross-Site Scripting Vulnerabilities

2.	Joomla Community Builder Component File Inclusion

3.	dotProject SQL Injection and Cross-Site Scripting

4.	OpenOffice "rtl_allocateMe mory()" Truncation Vulnerability

5.	Novell eDirectory Multiple Vulnerabilities

6.	HP TCP/IP Services for OpenVMS Finger Format String Vulnerability

7.	Caudium "configvar" Insecure Temporary Files

8.	Slackware update for amarok

9.	Acoustica Mixcraft ".mx4" File Processing Buffer Overflow

10.	Blogn Cross-Site Scripting and Cross-Site Request Forgery