Does the ICMP Based TCP Reset Denial of Service Vulnerability fixed in RHEL 6 ?

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux 2.1, 3, 5, 6
  • kernel

Issue

  • CVE database doesn't has no entry about related CVE i:e CVE-2005-0068.
  • Is it fixed in RHEL5 and/or RHEL6 ?

Resolution

  • The entry in Red Hat CVE database for this issue is under CVE-2004-0791.
  • CVE-2004-0791, CVE-2004-0790, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability.
  • CVE-2004-0791 is related about RHEL2.1 and 3. Refer CVE-2004-0791 for more information.
  • So neither RHEL5 nor RHEL6 are affected by the said vulnerability.

Root Cause

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0790

  • Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack."
  • NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.