Vulnerabilities > CVE-2001-1244 - Denial of Service vulnerability in Multiple Vendor Small TCP MSS

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
freebsd
hp
linux
microsoft
netbsd
openbsd
sun
exploit available

Summary

Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process.

Exploit-Db

descriptionHP-UX 11,Linux kernel 2.4,Windows 2000/NT 4.0,IRIX 6.5 Small TCP MSS DoS. CVE-2001-1244. Dos exploits for multiple platform
idEDB-ID:20997
last seen2016-02-02
modified2001-07-07
published2001-07-07
reporterDarren Reed
sourcehttps://www.exploit-db.com/download/20997/
titleHP-UX 11,Linux kernel 2.4,Windows 2000/NT 4.0,IRIX 6.5 Small TCP MSS DoS