OpenServer 6.0.0 : TCP Remote ICMP Denial Of Service Vulnerabilities

CVE Category Price Severity
CVE-2019-17609 CWE-399 Not specified High
Author Risk Exploitation Type Date
hyp3rlinx High Remote 2005-10-06
Our sensors found this exploit at:

Below is a copy:

Hash: SHA1


SCO Security Advisory

Subject:OpenServer 6.0.0 : TCP Remote ICMP Denial Of Service Vulnerabilities
Advisory number: SCOSA-2005.38
Issue date: 2005 September 22
Cross reference:sr894918 fz530661 erg712928 CAN-2004-0790 CAN-2004-0791 CAN-2004-1060

1. Problem Description

The Internet Control Message Protocol is used to alert
hosts on a network about certain situations, and the hosts
then take automatic action to prevent network failures or
to improve transport efficiency. The RFC recommends no
security checking for in-bound ICMP messages, so long as
a related connection exists, and may potentially allow
several different Denials of Service. The following
individual attacks are reported: A blind connection-reset
attack is reported, which takes advantage of the specification
that describes that on receiving a 'hard' ICMP error, the
corresponding connection should be aborted. A remote
attacker may terminate target TCP connections and deny
service for legitimate users. 
The Common Vulnerabilities and Exposures project ( 
has assigned the name CAN-2004-0790 to this issue. 

An ICMP Source Quench
attack is reported, which exploits the specification that
a host must react to ICMP Source Quench messages by slowing
transmission on the associated connection. A remote attacker
may effectively degrade performance for a legitimate

The Common Vulnerabilities and Exposures project ( 
has assigned the name CAN-2004-0791 to this issue. 

A suitable forged ICMP PMTUD message may be used to reduce the 
MTU for a given connection in a similar manner. 

The Common Vulnerabilities and Exposures project ( 
has assigned the name CAN-2004-1060 to this issue.

2. Vulnerable Supported Versions

OpenServer 6.0.0 inet driver

3. Solution

The proper solution is to install the latest packages.

4. OpenServer 6.0.0

4.1 Location of Fixed Binaries

4.2 Verification

MD5 (VOL.000.000) = 8b97daeeba0c5653d1e01d589109c250

md5 is available for download from

4.3 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

1) Download the VOL* files to a directory

2) Run the custom command, specify an install from media
images, and specify the directory as the location of the

5. References

Specific references for this advisory:

SCO security resources:

SCO security advisories via email

This security fix closes SCO incidents sr894918 fz530661

6. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO

7. Acknowledgments

The SCO Group would like to thank Fernando Gont for reporting
these issues.


Version: GnuPG v1.4.2 (SCO/SYSV)


Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.