5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.931 High
EPSS
Percentile
99.1%
Certain TCP implementations may allow a remote attacker to arbitrarily modify host timestamp values, leading to a denial-of-service condition.
The Transmission Control Protocol (TCP) is defined in RFC 793 as a means to provide reliable host-to-host transmission between hosts in a packet-switched computer networks. RFC 1323 introduced techniques to increase the performance of TCP. Two such techniques are TCP timestamps and Protection Against Wrapped Sequence Numbers (PAWS).
In certain implementations of TCP with timestamps enabled, both hosts maintain an internal timer that is used to detect segment loss and regulate traffic flow. PAWS uses timestamps to prevent duplicate or old segments from corrupting an active connection. In PAWS with the timestamps option enabled, hosts use an internal timer to track the value of the timestamp in incoming segments against the last valid timestamp recorded. If the segment’s timestamp is larger than the value of the last valid timestamp and the sequence number is less than the last acknowledgement sent, then the host’s internal timer is updated with the new timestamp value and the segment is passed on for further processing. Otherwise, the segment is rejected as too old or a duplicate.
If a remote attacker can determine the source and destination ports as well as IP addresses of both hosts engaged in an active connection, that attacker may be able to inject a specially crafted segment into the connection. When the spoofed segment is received the host’s internal timer value will be changed to the value in the crafted segment. Please note that, in certain TCP implementations, sequence numbers are not properly validated before the internal timer is updated, soan attacker does not need to know a correct sequence number to change the internal timer. If the internal timer value is set to a large value, then it will likely be larger than the timestamp value in subsequent incoming segments. This will cause new, legitimate TCP segments to be evaluated as too old and discarded. As segments are rejected, the flow of data between hosts stops, resulting in a denial-of-service condition.
For more information about TCP, timestamps, and PAWS please see RFC 793 and RFC 1323.
An unauthenticated, remote attacker could cause TCP connections to abort/drop segments, leading to a denial-of-service condition.
Apply a patch
Users who suspect they are vulnerable are encouraged to check with their vendor to determine the appropriate action to take. Please see the list of vendors we have notified below.
Disable PAWS
As a workaround, disable PAWS and TCP timestamps if they are not needed.
637934
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: March 09, 2005 Updated: June 30, 2005
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see <http://support.avaya.com/elmodocs2/security/ASA-2005-148.pdf> for information regarding this vulnerability.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Updated: June 30, 2005
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Security Advisory: TCP Vulnerability CAN-2005-0356
Date:
June 28, 2005
Severity:
High
Description:
Some Blue Coat Systems products are vulnerable to the attack described in CAN-2005-0356. This is a denial of service vulnerability that exists for TCP RFC 1323. The issue exists in the Protection Against Wrapped Sequence Numbers (PAWS) technique when TCP PAWS is configured to employ timestamp values.
A successful attack may result in a TCP connection to drop packets, resulting is a denial of service situation.
Affected Systems:
All OS Releases (CacheOS, SGOS)
Workaround:
Disable rfc-1323 support
_
SG3/SG4_
#(config)tcp-ip rfc-1323 disable_
SG2_
#(config) reveal-advanced tcp-ip
#(config) tcp-ip no rfc-1323
Fixed in:
SG3.2.5 (TBD)
SG4.1.2 (TBD)
Additional Information:_
_http://www.kb.cert.org/vuls/id/637934 _
_http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0356
For more information, please contact the Blue Coat Technical Support Department.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: June 06, 2005
Affected
"Cisco Systems, Inc. has released a security notice in response to CERT/CC Vulnerability Note VU#637934, which is available at the following URL:
<http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml>
For up-to-date information on security vulnerabilities in Cisco Systems,
Inc. products, visit <http://www.cisco.com/go/psirt>"
The vendor has not provided us with any further information regarding this vulnerability.
Please see <http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml>
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: May 25, 2005
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see <http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_input.c> Revision 1.252.2.16
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: June 20, 2005
Affected
AlaxalA Networks AX series are vulnerable to this issue. More details are available at
<http://www.alaxala.com/jp/support/ICMP-20050518.html> (Japanese)
Hitachi GR2000/GR4000/GS4000/GS3000 are vulnerable to this issue. More details are available at
<http://www.hitachi.co.jp/Prod/comp/network/notice/VU-637934.html> (Japanese)
[NOT VULNERABLE]
Hitachi HI-UX/WE2 is NOT vulnerable to this issue.
Hitachi Cable Apresia/GMX/HSW series are NOT vulnerable to this issue. More details are available at
<http://www.hitachi-cable.co.jp/infosystem/security/hcvu0002.stm> (Japanese)
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: May 18, 2005
Affected
Changes made during the development of Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and the MS05-019 security update eliminated this vulnerability. If you have installed any of these updates, you are protected from this vulnerability and no further action is required. See
<http://www.microsoft.com/technet/security/advisory/899480.mspx>
for more information about this issue.
The vendor has not provided us with any further information regarding this vulnerability.
Please refer to <http://www.microsoft.com/technet/security/advisory/899480.mspx> and <http://www.microsoft.com/technet/security/advisory/899480.mspx>
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: May 18, 2005
Affected
A patch for OpenBSD 3.6 and previous releases is available at
<http://openbsd.org/errata36.html#tcp>
OpenBSD 3.7, being released on May 19, is not vulnerable because
it contains the fix.
The vendor has not provided us with any further information regarding this vulnerability.
Please see <http://www.openbsd.org/errata.html#rtt> and <http://openbsd.org/errata36.html#tcp>
[Note the CERT/CC has not verified the contents of the Vendor Statement above.]
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: May 19, 2005
Affected
Impact of CERT® Advisory VU#637934 on Redback Products
Vulnerability Description: Systems with persistent TCP connections might be affected by this vulnerability.
The TCP Timestamps option (RFC1323) is deployed widely. There is a variant of the TCP Timestamps option, which would supposedly be more prevalent than the standard algorithm. The variant, however, has a vulnerability which allows malicious, off-path third parties to stall TCP connections.
More details on this vulnerability can be found at the CERT website. (www.cert.org)
**Impacted Redback Products:NONE of **Redback SmartEdge 400, 800 Routers; Redback SmartEdge 400, 800 Service Gateway Systems are impacted by this issue.
NONE of the products of SMS product-line are affected by this issue
Why Redback products are not affected:
The TCP/IP stack on both of Redback product-lines already implements all validation procedures outlined in the CERT advisory before a packet is accepted and the session timestamp updated. Consequently, TCP applications on Redback products are not vulnerable to this attack.
**Recommended Best Practice to Guard Against TCP Attacks:**While there is no way a network operator can completely defend against various vulnerabilities and hacker attacks, Redback Networks products already implement many mechanisms to guard against such attacks. Some examples include:
·MD5 authentication for TCP
·IP source address validation on any subscriber circuit, so no subscriber terminated on the box can participate in this type of attack.
Vulnerability Resolution: NOT Required on this since Redback product-lines are not affected.
For further assistance or information regarding this topic contact the Redback Networks Technical Assistance Center (TAC). TAC is prepared to provide worldwide support for security workarounds that address this issue. There are several known workarounds that can significantly reduce this exposure. The Redback domestic TAC number is (877) 733 2225 and International TAC phone number is 31-104987777. Redback TAC will provide detailed information to our worldwide systems engineers and focal engineers to assist customers in configuring these workarounds.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Updated: May 26, 2005
Affected
YAMAHA products are Vulnerable.
Vendor comment:
We provide the information on this issue.
<http://www.rtpro.yamaha.co.jp/RT/FAQ/TCPIP/VU637934.html> (Japanese).
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: May 19, 2005
Not Affected
For further information, please refer to the following Check Point SecureKnowledge article: Solution ID: sk30828
<https://secureknowledge.checkpoint.com/sk/public/intro.jsp>.
The vendor has not provided us with any further information regarding this vulnerability.
Please see
<https://secureknowledge.checkpoint.com/sk/public/intro.jsp>
reference ID# sk30828
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: May 18, 2005
Not Affected
Clavister Security Gateway is itself not vulnerable to this attack. It also has the ability to protect clients against these attacks by allowing the administrator to specify that timestamp options should be removed from TCP packets.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: May 18, 2005
Not Affected
Foundry Networks products are not vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: May 23, 2005
Not Affected
FUJITSU products are NOT susceptible to this vulnerability.
We continue to check our products.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: May 17, 2005
Not Affected
sent on May 17, 2005
=====================================================================
=====================================================================
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 17, 2005
Not Affected
The Linux Kernel implements a check “(B’)” as specified in the document. Therefore, the Linux Kernel TCP implementation is not vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 16, 2005
Not Affected
NextHop Technologies does not provide an implementation of TCP; therefore NextHop software is not vulnerable to this issue.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: August 23, 2005
Not Affected
Red Hat Enterprise Linux is not vulnerable to this issue.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: April 11, 2005
Not Affected
Not Vulnerable
All versions of the Sidewinder® v5.x Firewall and Sidewinder G2® Security Appliance use one of the implementations recommended for mitigation of this attack. Sidewinder and Sidewinder G2 also support IPsec, allowing a complete workaround for the attack when required. No patches or updates are required.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: April 11, 2005
Not Affected
Solaris is not vulnerable to this issue
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: April 15, 2005
Not Affected
Watchguard’s curent assessment is that we are not affected by this issue.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: May 18, 2005
Unknown
The Enstara router is vulnerable to the condition described in VU#637934. Because BGP sessions are particularly vulnerable, Chiaro Networks recommends protecting BGP sessions using the following techniques:
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: May 17, 2005
Unknown
SOURCE: Hewlett-Packard Company Software Security Response Team
x-ref:SSRT5929
HP’s operating system products are not vulnerable.
To report potential security vulnerabilities in HP software, send an E-mail message to [email protected].
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: May 24, 2005
Unknown
Nortel has posted Security Advisory Bulletin no. 2005005916 addressing the TCP Timestamps issue at <http://nortel.com/securityadvisories>
The vendor has not provided us with any further information regarding this vulnerability.
Please see <http://www116.nortelnetworks.com/pub/repository/CLARIFY/DOCUMENT/2005/20/019115-01.pdf>
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: May 18, 2005
Unknown
Wind River customers should access www.windriver.com to determine the potential vulnerability of their product and download an update.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
Notified: March 09, 2005 Updated: March 09, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23637934 Feedback>).
View all 81 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to Noritoshi Demizu for researching and reporting this vulnerability.
This document was written by Jeff Gennari.
CVE IDs: | CVE-2005-0356 |
---|---|
Severity Metric: | 4.73 Date Public: |