Vulnerabilities > CVE-2001-1244 - Denial of Service vulnerability in Multiple Vendor Small TCP MSS

Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process.

Vulnerable Configurations

Part	Description	Count
OS	Freebsd Freebsd Freebsd 4.3	1
OS	Hp HP HP UX 11.00 HP HP UX 11.0.4 HP HP UX 11.11 HP Vvos 11.04	4
OS	Linux Linux Linux Kernel 2.4.0 Linux Linux Kernel 2.4.1 Linux Linux Kernel 2.4.2 Linux Linux Kernel 2.4.3 Linux Linux Kernel 2.4.4 Linux Linux Kernel 2.4.5	6
OS	Microsoft Microsoft Windows 2000 * Microsoft Windows NT 4.0	11
OS	Netbsd Netbsd Netbsd 1.5 Netbsd Netbsd 1.5.1	2
OS	Openbsd Openbsd Openbsd 2.8 Openbsd Openbsd 2.9	2
OS	Sun SUN Sunos 5.5.1 SUN Sunos 5.7 SUN Sunos 5.8	3

Exploit-Db

description	HP-UX 11,Linux kernel 2.4,Windows 2000/NT 4.0,IRIX 6.5 Small TCP MSS DoS. CVE-2001-1244. Dos exploits for multiple platform
id	EDB-ID:20997
last seen	2016-02-02
modified	2001-07-07
published	2001-07-07
reporter	Darren Reed
source	https://www.exploit-db.com/download/20997/
title	HP-UX 11,Linux kernel 2.4,Windows 2000/NT 4.0,IRIX 6.5 Small TCP MSS DoS

Summary

Vulnerable Configurations

Exploit-Db

References