CVE-2004-0790 - Vulnerability Details

Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.86962.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows 2000 Windows 2003 Server Windows 98 Windows 98se Windows Me Windows Xp
Sun	Solaris Sunos

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_2000::sp3::::::*
	cpe:2.3:o:microsoft:windows_2000::sp4::fr::::
	cpe:2.3:o:microsoft:windows_2003_server:r2:::::::*
	cpe:2.3:o:microsoft:windows_98::gold::::::*
	cpe:2.3:o:microsoft:windows_98se::::::::
	cpe:2.3:o:microsoft:windows_me::::::::
	cpe:2.3:o:microsoft:windows_xp:::64-bit:::::*
	cpe:2.3:o:microsoft:windows_xp::sp1:64-bit:::::
	cpe:2.3:o:microsoft:windows_xp::sp1:tablet_pc:::::
	cpe:2.3:o:microsoft:windows_xp::sp2:tablet_pc:::::
	cpe:2.3:o:sun:solaris:9.0::sparc:::::
	cpe:2.3:o:sun:solaris:10.0::sparc:::::
	cpe:2.3:o:sun:sunos:5.7:::::::*
	cpe:2.3:o:sun:sunos:5.8:::::::*

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.4/SCOSA-2006.4.txt
http://marc.info/?l=bugtraq&m=112861397904255&w=2
http://secunia.com/advisories/18317
http://secunia.com/advisories/22341
http://securityreason.com/securityalert/19
http://securityreason.com/securityalert/57
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101658-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57746-1
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
http://www.securityfocus.com/archive/1/418882/100/0/threaded
http://www.securityfocus.com/archive/1/449179/100/0/threaded
http://www.securityfocus.com/bid/13124
http://www.uniras.gov.uk/niscc/docs/al-20050412-00308.html?lang=en
http://www.vupen.com/english/advisories/2006/3983
http://www.watersprings.org/pub/id/draft-gont-tcpm-icmp-attacks-03.txt
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-019
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-064
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1177
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A176
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1910
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A211
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3458
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A412
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4804
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A514
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A53
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A622

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-04-13T04:00:00

Updated: 2024-08-08T00:31:47.426Z

Reserved: 2004-08-17T00:00:00

Link: CVE-2004-0790

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2005-04-12T04:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2004-0790

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object