Details of VAR-200512-0696

ID

VAR-200512-0696

CVE

CVE-2005-4464

TITLE

Ingate Firewall and SIParator Remote Kernel Deadlock Denial Of Service Vulnerability

Trust: 0.9

sources: BID: 16023 // CNNVD: CNNVD-200512-513

DESCRIPTION

Ingate Firewall before 4.3.4 and SIParator before 4.3.4 allows remote attackers to cause a denial of service (kernel deadlock) by sending a SYN packet for a TCP stream, which requires an RST packet in response. Ingate Firewall and SIParator products are susceptible to a remote denial of service vulnerability. TITLE: Ingate Firewall and SIParator Denial of Service Vulnerability SECUNIA ADVISORY ID: SA18138 VERIFY ADVISORY: http://secunia.com/advisories/18138/ CRITICAL: Moderately critical IMPACT: DoS WHERE: >From remote OPERATING SYSTEM: Ingate SIParator 4.x http://secunia.com/product/5687/ Ingate Firewall 4.x http://secunia.com/product/4050/ DESCRIPTION: A vulnerability has been reported in Ingate Firewall and SIParator, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the kernel when handling certain TCP packets in a media stream. SOLUTION: Update to version 4.3.4. http://www.ingate.com/upgrades.php PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://www.ingate.com/relnote-434.php ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.35

sources: NVD: CVE-2005-4464 // BID: 16023 // VULHUB: VHN-15672 // PACKETSTORM: 42481

AFFECTED PRODUCTS

vendor:	ingate	model:	siparator	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	ingate	model:	siparator	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	ingate	model:	siparator	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	ingate	model:	siparator	scope:	eq	version:	4.3	Trust: 0.3
vendor:	ingate	model:	siparator	scope:	eq	version:	4.2.3	Trust: 0.3
vendor:	ingate	model:	siparator	scope:	eq	version:	4.2.2	Trust: 0.3
vendor:	ingate	model:	siparator	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	ingate	model:	siparator	scope:	eq	version:	3.3.1	Trust: 0.3
vendor:	ingate	model:	siparator	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	ingate	model:	siparator	scope:	eq	version:	3.2	Trust: 0.3
vendor:	ingate	model:	firewall	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	ingate	model:	firewall	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	ingate	model:	firewall	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	ingate	model:	firewall	scope:	eq	version:	4.3	Trust: 0.3
vendor:	ingate	model:	firewall	scope:	eq	version:	4.2.3	Trust: 0.3
vendor:	ingate	model:	firewall	scope:	eq	version:	4.2.2	Trust: 0.3
vendor:	ingate	model:	firewall	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	ingate	model:	firewall	scope:	eq	version:	4.1.3	Trust: 0.3
vendor:	ingate	model:	firewall	scope:	eq	version:	3.3.1	Trust: 0.3
vendor:	ingate	model:	firewall	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	ingate	model:	firewall	scope:	eq	version:	3.2	Trust: 0.3
vendor:	ingate	model:	siparator	scope:	ne	version:	4.3.4	Trust: 0.3
vendor:	ingate	model:	firewall	scope:	ne	version:	4.3.4	Trust: 0.3

sources: BID: 16023

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-4464
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200512-513
value:	HIGH
Trust: 0.6
VULHUB:	VHN-15672
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2005-4464
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-15672
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-15672 // CNNVD: CNNVD-200512-513 // NVD: CVE-2005-4464

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-4464

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200512-513

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200512-513

EXTERNAL IDS

db:	BID	id:	16023	Trust: 2.0
db:	SECUNIA	id:	18138	Trust: 1.8
db:	VUPEN	id:	ADV-2005-3011	Trust: 1.7
db:	NVD	id:	CVE-2005-4464	Trust: 1.7
db:	CNNVD	id:	CNNVD-200512-513	Trust: 0.7
db:	VULHUB	id:	VHN-15672	Trust: 0.1
db:	PACKETSTORM	id:	42481	Trust: 0.1

sources: VULHUB: VHN-15672 // BID: 16023 // PACKETSTORM: 42481 // CNNVD: CNNVD-200512-513 // NVD: CVE-2005-4464

REFERENCES

url:	http://www.ingate.com/relnote-434.php	Trust: 2.1
url:	http://www.securityfocus.com/bid/16023	Trust: 1.7
url:	http://secunia.com/advisories/18138	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2005/3011	Trust: 1.1
url:	http://www.frsirt.com/english/advisories/2005/3011	Trust: 0.6
url:	http://www.ingate.com/	Trust: 0.3
url:	http://secunia.com/advisories/18138/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/4050/	Trust: 0.1
url:	http://secunia.com/product/5687/	Trust: 0.1
url:	http://www.ingate.com/upgrades.php	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-15672 // BID: 16023 // PACKETSTORM: 42481 // CNNVD: CNNVD-200512-513 // NVD: CVE-2005-4464

CREDITS

Ingate

Trust: 0.6

sources: CNNVD: CNNVD-200512-513

SOURCES

db:	VULHUB	id:	VHN-15672
db:	BID	id:	16023
db:	PACKETSTORM	id:	42481
db:	CNNVD	id:	CNNVD-200512-513
db:	NVD	id:	CVE-2005-4464

LAST UPDATE DATE

2024-08-14T14:48:01.542000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-15672	date:	2011-03-08T00:00:00
db:	BID	id:	16023	date:	2005-12-21T00:00:00
db:	CNNVD	id:	CNNVD-200512-513	date:	2005-12-28T00:00:00
db:	NVD	id:	CVE-2005-4464	date:	2011-03-08T02:28:20.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-15672	date:	2005-12-22T00:00:00
db:	BID	id:	16023	date:	2005-12-21T00:00:00
db:	PACKETSTORM	id:	42481	date:	2005-12-22T07:01:32
db:	CNNVD	id:	CNNVD-200512-513	date:	2005-12-21T00:00:00
db:	NVD	id:	CVE-2005-4464	date:	2005-12-22T00:03:00