Multiple Vendor ICMP Implementation - Spoofed Source Quench Packet Denial of Service

EDB-ID:

25387




Platform:

Multiple

Date:

2005-04-12


source: https://www.securityfocus.com/bid/13124/info

Multiple vendor implementations of TCP/IP Internet Control Message Protocol (ICMP) are reported prone to several denial-of-service attacks.

ICMP is employed by network nodes to determine certain automatic actions to take based on network failures reported by an ICMP message.

Reportedly, the RFC doesn't recommend security checks for ICMP error messages. As long as an ICMP message contains a valid source and destination IP address and port pair, it will be accepted for an associated connection.

The following individual attacks are reported:

- A blind connection-reset attack. This attack takes advantage of the specification that describes that on receiving a 'hard' ICMP error, the corresponding connection should be aborted. The Mitre ID CAN-2004-0790 is assigned to this issue.

A remote attacker may exploit this issue to terminate target TCP connections and deny service for legitimate users.

- An ICMP Source Quench attack. This attack takes advantage of the specification that a host must react to receive ICMP Source Quench messages by slowing transmission on the associated connection. The Mitre ID CAN-2004-0791 is assigned to this issue.

A remote attacker may exploit this issue to degrade the performance of TCP connections and partially deny service for legitimate users.

- An attack against ICMP PMTUD is reported to affect multiple vendors when they are configured to employ PMTUD. By sending a suitable forged ICMP message to a target host, an attacker may reduce the MTU for a given connection. The Mitre ID CAN-2004-1060 is assigned to this issue.

A remote attacker may exploit this issue to degrade the performance of TCP connections and partially deny service for legitimate users.

**Update: Microsoft platforms are also reported prone to these issues. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/25387.tar.gz