CVE-2004-0791

Description

Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.

5.0

CVSS

Severity: Medium

CVSS 2.0 •

EPSS 26.64% Top 5%

Vendor Advisory securityfocus.com Vendor Advisory redhat.com Vendor Advisory securityfocus.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory marc.info Vendor Advisory sun.com Vendor Advisory sun.com Vendor Advisory sco.com Vendor Advisory securityfocus.com Vendor Advisory gov.uk

Affected: n/a n/a

References

Link	Tags
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1112	vdb entry signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A184	vdb entry signature
http://www.securityfocus.com/bid/13124	vdb entry
http://www.securityfocus.com/archive/1/418882/100/0/threaded	vendor advisory
http://www.redhat.com/support/errata/RHSA-2005-017.html	vendor advisory
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
http://www.securityfocus.com/archive/1/428058/100/0/threaded	vendor advisory
http://www.redhat.com/support/errata/RHSA-2005-016.html	vendor advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10228	vdb entry signature
http://www.redhat.com/support/errata/RHSA-2005-043.html	vendor advisory
http://marc.info/?l=bugtraq&m=112861397904255&w=2	vendor advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57746-1	vendor advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A596	vdb entry signature
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101658-1	vendor advisory
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.4/SCOSA-2006.4.txt	vendor advisory
http://secunia.com/advisories/18317	third party advisory
http://www.securityfocus.com/archive/1/428028/100/0/threaded	vendor advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A464	vdb entry signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A726	vdb entry signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A688	vdb entry signature
http://www.uniras.gov.uk/niscc/docs/al-20050412-00308.html?lang=en	vendor advisory
http://securityreason.com/securityalert/19	third party advisory
http://securityreason.com/securityalert/57	third party advisory
http://www.watersprings.org/pub/id/draft-gont-tcpm-icmp-attacks-03.txt

Frequently Asked Questions

What is the severity of CVE-2004-0791?: CVE-2004-0791 has been scored as a medium severity vulnerability.
How to fix CVE-2004-0791?: To fix CVE-2004-0791, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2004-0791 being actively exploited in the wild?: It is possible that CVE-2004-0791 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~27% probability that this vulnerability will be exploited by malicious actors in the next 30 days.