header-logo
Suggest Exploit
vendor:
Tru64, Digital Unix, and VxWorks
by:
SecurityFocus
8
CVSS
HIGH
Denial of Service
399
CWE
Product Name: Tru64, Digital Unix, and VxWorks
Affected Version From: Tru64 4.0E
Affected Version To: Various versions of Digital Unix and VxWorks
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Tru64 Denial of Service Vulnerability

It has been reported that Tru64 systems may be prone to a denial of service condition when handling malformed TCP packets. Specifically, when processing a malformed TCP packet with both the SYN and FIN flags set, vulnerable Tru64 systems may block indefinitely, thus causing a denial of service. As a result other legitimate users may no longer be capable of accessing remote services.

Mitigation:

System administrators should ensure that all systems are running the latest version of Tru64, Digital Unix, or VxWorks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4011/info

It has been reported that Tru64 systems may be prone to a denial of service condition when handling malformed TCP packets.

Specifically, when processing a malformed TCP packet with both the SYN and FIN flags set, vulnerable Tru64 systems may block indefinitely, thus causing a denial of service. As a result other legitimate users may no longer be capable of accessing remote services.

This vulnerability is said to affect Tru64 4.0E as well as various versions of Digital Unix and VxWorks.

hping2 -a <spoofed ip> -SPF -p 21 -c 1 <dest ip>

Navigation

Suggest Exploit

Services By CQR