Details of VAR-200407-0089

ID

VAR-200407-0089

CVE

CVE-2004-0459

TITLE

IEEE 802.11 wireless network protocol DSSS CCA algorithm vulnerable to denial of service

Trust: 0.8

sources: CERT/CC: VU#106678

DESCRIPTION

The Clear Channel Assessment (CCA) algorithm in the IEEE 802.11 wireless protocol, when using DSSS transmission encoding, allows remote attackers to cause a denial of service via a certain RF signal that causes a channel to appear busy (aka "jabber"), which prevents devices from transmitting data. IEEE of 802.11 wireless protocol Exists in unspecified vulnerabilities.None. This issue is due to a design error that might cause an affected device to stop transmitting network data through wireless mediums. This issue is reported to affect only wireless hardware devices that implement IEEE 802.11 using a DSSS physical layer

Trust: 2.7

sources: NVD: CVE-2004-0459 // CERT/CC: VU#106678 // JVNDB: JVNDB-2004-000900 // BID: 10342 // VULHUB: VHN-8889

AFFECTED PRODUCTS

vendor:	ieee	model:	802.11 wireless protocol	scope:	-	version:	-	Trust: 1.4
vendor:	ieee	model:	802.11 wireless protocol	scope:	eq	version:	*	Trust: 1.0
vendor:	aruba	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	ieee	model:	802.11 wireless protocol	scope:	eq	version:	-	Trust: 0.8
vendor:	ieee	model:	802.11g low-speed	scope:	-	version:	-	Trust: 0.3
vendor:	ieee	model:	802.11b	scope:	-	version:	-	Trust: 0.3
vendor:	ieee	model:	-	scope:	eq	version:	802.11	Trust: 0.3
vendor:	avaya	model:	wireless ap-8	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	wireless ap-6	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	wireless ap-5	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	wireless ap-4	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	wireless ap-3	scope:	-	version:	-	Trust: 0.3
vendor:	ieee	model:	802.11g high-speed	scope:	ne	version:	-	Trust: 0.3
vendor:	ieee	model:	802.11a	scope:	ne	version:	-	Trust: 0.3

sources: CERT/CC: VU#106678 // BID: 10342 // JVNDB: JVNDB-2004-000900 // CNNVD: CNNVD-200407-023 // NVD: CVE-2004-0459

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-0459
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#106678
value:	14.11
Trust: 0.8
NVD:	CVE-2004-0459
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200407-023
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-8889
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2004-0459
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-8889
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#106678 // VULHUB: VHN-8889 // JVNDB: JVNDB-2004-000900 // CNNVD: CNNVD-200407-023 // NVD: CVE-2004-0459

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2004-000900 // NVD: CVE-2004-0459

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200407-023

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200407-023

EXTERNAL IDS

db:	CERT/CC	id:	VU#106678	Trust: 3.6
db:	NVD	id:	CVE-2004-0459	Trust: 3.3
db:	AUSCERT	id:	AA-2004.02	Trust: 2.8
db:	BID	id:	10342	Trust: 2.8
db:	SECTRACK	id:	1010152	Trust: 2.5
db:	OSVDB	id:	16034	Trust: 1.7
db:	JVNDB	id:	JVNDB-2004-000900	Trust: 0.8
db:	XF	id:	16138	Trust: 0.6
db:	XF	id:	80211	Trust: 0.6
db:	FULLDISC	id:	20040513 802.11B (OTHERS) SINGLE PACKET DOS	Trust: 0.6
db:	CNNVD	id:	CNNVD-200407-023	Trust: 0.6
db:	VULHUB	id:	VHN-8889	Trust: 0.1

sources: CERT/CC: VU#106678 // VULHUB: VHN-8889 // BID: 10342 // JVNDB: JVNDB-2004-000900 // CNNVD: CNNVD-200407-023 // NVD: CVE-2004-0459

REFERENCES

url:	http://www.auscert.org.au/render.html?it=4091	Trust: 2.8
url:	http://www.kb.cert.org/vuls/id/106678	Trust: 2.8
url:	http://www.securityfocus.com/bid/10342	Trust: 2.5
url:	http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0631.html	Trust: 2.5
url:	http://support.avaya.com/elmodocs2/security/asa-2004-009.pdf	Trust: 2.5
url:	http://securitytracker.com/id?1010152	Trust: 2.5
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/16138	Trust: 1.9
url:	http://www.osvdb.org/16034	Trust: 1.7
url:	http://www.isi.qut.edu.au/research/publications/technical/wlan.php	Trust: 0.8
url:	http://ieeexplore.ieee.org/search/srchabstract.jsp?arnumber=1319575&isnumber=29245&punumber=9227&k2dockey=1319575@ieeecnfs	Trust: 0.8
url:	http://standards.ieee.org/getieee802/download/802.11-1999.pdf	Trust: 0.8
url:	http://ieeexplore.ieee.org/iel5/9227/29245/01319575.pdf	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2004-0459	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/16138	Trust: 0.6
url:	http://support.avaya.com/japple/css/japple?temp.groupid=128450&temp.selectedfamily=128451&temp.selectedproduct=154235&temp.selectedbucket=126655&temp.feedbackstate=askforfeedback&temp.documentid=16277	Trust: 0.3
url:	http://www.avaya.com	Trust: 0.3

sources: CERT/CC: VU#106678 // VULHUB: VHN-8889 // BID: 10342 // JVNDB: JVNDB-2004-000900 // CNNVD: CNNVD-200407-023 // NVD: CVE-2004-0459

CREDITS

The individual or group responsible for discovery of this issue is currently unknown.

Trust: 0.3

sources: BID: 10342

SOURCES

db:	CERT/CC	id:	VU#106678
db:	VULHUB	id:	VHN-8889
db:	BID	id:	10342
db:	JVNDB	id:	JVNDB-2004-000900
db:	CNNVD	id:	CNNVD-200407-023
db:	NVD	id:	CVE-2004-0459

LAST UPDATE DATE

2024-08-14T12:24:10.145000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#106678	date:	2008-02-15T00:00:00
db:	VULHUB	id:	VHN-8889	date:	2017-07-11T00:00:00
db:	BID	id:	10342	date:	2004-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2004-000900	date:	2024-06-04T08:54:00
db:	CNNVD	id:	CNNVD-200407-023	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-0459	date:	2017-07-11T01:30:10.603

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#106678	date:	2004-05-13T00:00:00
db:	VULHUB	id:	VHN-8889	date:	2004-07-07T00:00:00
db:	BID	id:	10342	date:	2004-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2004-000900	date:	2024-06-04T00:00:00
db:	CNNVD	id:	CNNVD-200407-023	date:	2004-07-07T00:00:00
db:	NVD	id:	CVE-2004-0459	date:	2004-07-07T04:00:00