Multiple Vendor ICMP Implementation - Malformed Path MTU Denial of Service

EDB-ID:

25388




Platform:

Multiple

Date:

2005-04-12


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

source: https://www.securityfocus.com/bid/13124/info
 
Multiple vendor implementations of TCP/IP Internet Control Message Protocol (ICMP) are reported prone to several denial-of-service attacks.
 
ICMP is employed by network nodes to determine certain automatic actions to take based on network failures reported by an ICMP message.
 
Reportedly, the RFC doesn't recommend security checks for ICMP error messages. As long as an ICMP message contains a valid source and destination IP address and port pair, it will be accepted for an associated connection.
 
The following individual attacks are reported:
 
- A blind connection-reset attack. This attack takes advantage of the specification that describes that on receiving a 'hard' ICMP error, the corresponding connection should be aborted. The Mitre ID CAN-2004-0790 is assigned to this issue.
 
A remote attacker may exploit this issue to terminate target TCP connections and deny service for legitimate users.
 
- An ICMP Source Quench attack. This attack takes advantage of the specification that a host must react to receive ICMP Source Quench messages by slowing transmission on the associated connection. The Mitre ID CAN-2004-0791 is assigned to this issue.
 
A remote attacker may exploit this issue to degrade the performance of TCP connections and partially deny service for legitimate users.
 
- An attack against ICMP PMTUD is reported to affect multiple vendors when they are configured to employ PMTUD. By sending a suitable forged ICMP message to a target host, an attacker may reduce the MTU for a given connection. The Mitre ID CAN-2004-1060 is assigned to this issue.
 
A remote attacker may exploit this issue to degrade the performance of TCP connections and partially deny service for legitimate users.
 
**Update: Microsoft platforms are also reported prone to these issues. 

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/25388.tar.gz