QwikSec

Security Database

CVE

CWE

Training

CVE-2005-3774

Published: Nov 23, 2005

Modified: Aug 7, 2024

PUBLISHED

Description

Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) one byte of "meaningless data," or (3) a TTL that is one less than needed to reach the internal destination.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_SECTRACK

cisco-pix-ttl-dos(25079)

vdb-entry

x_refsource_XF

cisco-pix-tcp-data-field-dos(25077)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_OSVDB

vdb-entry

x_refsource_BID

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_security_notice09186a0080624a37.html

x_refsource_CONFIRM

20051122 Cisco PIX TCP Connection Prevention

mailing-list

x_refsource_FULLDISC

20060307 Cisco PIX embryonic state machine 1b data DoS

mailing-list

x_refsource_BUGTRAQ

20051128 Response to Cisco PIX TCP Connection Prevention

vendor-advisory

x_refsource_CISCO

20060307 Cisco PIX embryonic state machine TTL(n-1) DoS

mailing-list

x_refsource_BUGTRAQ

third-party-advisory

x_refsource_CERT-VN

third-party-advisory

x_refsource_SECUNIA

20060307 RE: Cisco PIX embryonic state machine 1b data DoS

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_VUPEN

20051122 Cisco PIX TCP Connection Prevention

mailing-list

x_refsource_BUGTRAQ

20051122 Cisco PIX TCP Connection Prevention

mailing-list

x_refsource_FULLDISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.