Vulnerabilities > CVE-2006-3920 - Denial-Of-Service vulnerability in Solaris
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 allows remote attackers to cause a denial of service (resource exhaustion) via a TCP packet with an incorrect sequence number, which triggers an ACK storm.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 3 |
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_117470.NASL description SunOS 5.9_x86: tcp Patch. Date this patch was last updated by Sun : Jul/09/07 last seen 2016-09-26 modified 2011-09-18 plugin id 18079 published 2005-04-17 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=18079 title Solaris 9 (x86) : 117470-09 code #%NASL_MIN_LEVEL 999999 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/09/17. # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(18079); script_version("1.30"); script_name(english: "Solaris 9 (x86) : 117470-09"); script_cve_id("CVE-2004-0790", "CVE-2004-0791", "CVE-2006-3920"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 117470-09"); script_set_attribute(attribute: "description", value: 'SunOS 5.9_x86: tcp Patch. Date this patch was last updated by Sun : Jul/09/07'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "https://getupdates.oracle.com/readme/117470-09"); script_set_attribute(attribute: "cvss_vector", value: "CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_publication_date", value: "2005/04/17"); script_cvs_date("Date: 2018/08/13 14:32:38"); script_set_attribute(attribute:"vuln_publication_date", value: "2005/09/07"); script_end_attributes(); script_summary(english: "Check for patch 117470-09"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix."); include("solaris.inc"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"117470-09", obsoleted_by:"119435-20 ", package:"SUNWcsr", version:"11.9.0,REV=2002.11.04.02.51"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"117470-09", obsoleted_by:"119435-20 ", package:"SUNWcsu", version:"11.9.0,REV=2002.11.04.02.51"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"117470-09", obsoleted_by:"119435-20 ", package:"SUNWhea", version:"11.9.0,REV=2002.11.04.02.51"); if ( e < 0 ) { if ( NASL_LEVEL < 3000 ) security_warning(0); else security_warning(port:0, extra:solaris_get_report()); exit(0); } exit(0, "Host is not affected");NASL family Solaris Local Security Checks NASL id SOLARIS9_118305.NASL description SunOS 5.9: tcp Patch. Date this patch was last updated by Sun : Jul/09/07 last seen 2016-09-26 modified 2011-09-18 plugin id 18075 published 2005-04-17 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=18075 title Solaris 9 (sparc) : 118305-10
Oval
| accepted | 2007-09-27T08:57:40.046-04:00 | ||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||
| description | The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 allows remote attackers to cause a denial of service (resource exhaustion) via a TCP packet with an incorrect sequence number, which triggers an ACK storm. | ||||||||||||||||||||||||
| family | unix | ||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:1374 | ||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||
| submitted | 2007-08-10T12:25:26.000-04:00 | ||||||||||||||||||||||||
| title | Solaris Hosts are Vulnerable to a Denial of Service Induced by an Internet Transmission Control Protocol (TCP) "ACK Storm" | ||||||||||||||||||||||||
| version | 36 |
References
- http://secunia.com/advisories/21226
- http://secunia.com/advisories/22425
- http://securitytracker.com/id?1016589
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102206-1
- http://support.avaya.com/elmodocs2/security/ASA-2006-204.htm
- http://www.vupen.com/english/advisories/2006/2997
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28048
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1374