| VID |
12053 |
| Severity |
40 |
| Port |
|
| Protocol |
TCP |
| Class |
Protocol |
| Detailed Description |
The machine appears to have been crashed by the 'land' attack, which triggers a "loopback" condition. A number of TCP/IP stacks are vulnerable to this condition, which is initiated by sending a TCP SYN packet with the source address and port spoofed to equal the destination address and port. When such a packet is received, an infinite loop is initiated and the affected system halts. Land is a widely available attack tool that exploits this vulnerability.
* References: http://www.cert.org/advisories/CA-1997-28.html, http://ciac.llnl.gov/ciac/bulletins/i-019.shtml
* Platforms Affected: Windows 95; Windows NT 4.0 up to SP3; Cisco IOS devices and Catalyst switches; HP-UX up to 11.00; FreeBSD (any version) |
| Recommendation |
For Windows NT: Apply the latest Service Pack (SP4 or later) for Windows NT, available from the Microsoft Web site at http://support.microsoft.com/support/ntserver/Content/ServicePacks/
For HP-UX: Apply the appropriate patch for your system, as listed in Hewlett-Packard Security Bulletin HPSBUX9801-076 at http://online.securityfocus.com/advisories/1481
For FreeBSD: Apply the patch dated 1998-01, as listed in FreeBSD, Inc. Security Advisory FreeBSD-SA-98:01 at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-98:01.land.asc
For Novell NetWare: Apply ftcpsv09.exe (or later) and modify the STARTUP.NCF file to block this type of attack, as listed in Novell Technical Information Document #2932511 at http://support.novell.com/cgi-bin/search/tidfinder.cgi?2932511
For other distributions: Contact your vendor for upgrade or patch information.
As a workaround, filter out all incoming packets claiming to originate from the internal network. |
| Related URL |
CVE-1999-0016 (CVE) |
| Related URL |
2666 (SecurityFocus) |
| Related URL |
288 (ISS) |
|
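
A defensive check for the condition described above, as an added example that is not part of the original entry: it flags TCP SYN packets whose source address and port equal the destination address and port, and applies the workaround of rejecting externally arriving packets that claim an internal source. The internal range 192.0.2.0/24, the function names and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Assumed internal range (documentation prefix); replace with the real one.
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")
TCP_SYN = 0x02

def build_tcp(src, sport, dst, dport, flags=TCP_SYN):
    """Construct a minimal IPv4+TCP test packet (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp

def parse(pkt):
    """Return (src, dst, sport, dport, flags) for an IPv4/TCP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None                      # too short or not IPv4
    ihl = (pkt[0] & 0x0F) * 4            # IP header length in bytes
    frag_offset = struct.unpack_from("!H", pkt, 6)[0] & 0x1FFF
    if ihl < 20 or pkt[9] != 6 or frag_offset or len(pkt) < ihl + 14:
        return None                      # not TCP, or no TCP header present
    src = ipaddress.ip_address(pkt[12:16])
    dst = ipaddress.ip_address(pkt[16:20])
    sport, dport = struct.unpack_from("!HH", pkt, ihl)
    return src, dst, sport, dport, pkt[ihl + 13]

def classify(pkt, from_external=True):
    """Return 'land', 'spoofed-internal' or 'pass' for one inbound packet."""
    fields = parse(pkt)
    if fields is None:
        return "pass"
    src, dst, sport, dport, flags = fields
    # Land condition: SYN with source address and port equal to the destination's.
    if flags & TCP_SYN and src == dst and sport == dport:
        return "land"
    # Workaround: drop outside traffic claiming to originate from the internal network.
    if from_external and src in INTERNAL_NET:
        return "spoofed-internal"
    return "pass"

if __name__ == "__main__":
    samples = {  # constructed sample packets
        "land": build_tcp("192.0.2.10", 139, "192.0.2.10", 139),
        "spoofed": build_tcp("192.0.2.20", 40000, "192.0.2.10", 80),
        "normal": build_tcp("198.51.100.7", 40000, "192.0.2.10", 80),
    }
    for name, pkt in samples.items():
        print(name, "->", classify(pkt))
```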