ID

VAR-200603-0486


CVE

CVE-2006-0956


TITLE

NuFW nuauth Remotely TLS Connection Processing Denial of Service Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200603-006

DESCRIPTION

nuauth in NuFW before 1.0.21 does not properly handle blocking TLS sockets, which allows remote authenticated users to cause a denial of service (service hang) by flooding packets at the authentication server. NuFW is susceptible to a remote denial-of-service vulnerability. This issue is due to the application's failure to properly handle excessive authentication requests. This issue results in the 'nuauth' module failing to respond to new authentication requests, denying service to further users. NuFW versions prior to 1.0.21 are affected by this issue

Trust: 1.26

sources: NVD: CVE-2006-0956 // BID: 16868 // VULHUB: VHN-17064

AFFECTED PRODUCTS

vendor:nufwmodel:firewallscope:eqversion:1.0.20

Trust: 1.6

vendor:nufwmodel:nufwscope:eqversion:1.0.20

Trust: 0.3

vendor:nufwmodel:nufwscope:eqversion:1.0.19

Trust: 0.3

vendor:nufwmodel:nufwscope:eqversion:1.0.18

Trust: 0.3

vendor:nufwmodel:nufwscope:eqversion:1.0.17

Trust: 0.3

vendor:nufwmodel:nufwscope:eqversion:1.0.16

Trust: 0.3

vendor:nufwmodel:nufwscope:eqversion:1.0.15

Trust: 0.3

vendor:nufwmodel:nufwscope:eqversion:1.0.14

Trust: 0.3

vendor:nufwmodel:nufwscope:eqversion:1.0.13

Trust: 0.3

vendor:nufwmodel:nufwscope:eqversion:1.0.12

Trust: 0.3

vendor:nufwmodel:nufwscope:eqversion:1.0.11

Trust: 0.3

vendor:nufwmodel:nufwscope:neversion:1.0.21

Trust: 0.3

sources: BID: 16868 // CNNVD: CNNVD-200603-006 // NVD: CVE-2006-0956

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-0956
value: LOW

Trust: 1.0

CNNVD: CNNVD-200603-006
value: LOW

Trust: 0.6

VULHUB: VHN-17064
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2006-0956
severity: LOW
baseScore: 1.7
vectorString: AV:L/AC:L/AU:S/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.1
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-17064
severity: LOW
baseScore: 1.7
vectorString: AV:L/AC:L/AU:S/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.1
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-17064 // CNNVD: CNNVD-200603-006 // NVD: CVE-2006-0956

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-0956

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200603-006

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-200603-006

EXTERNAL IDS

db:BIDid:16868

Trust: 2.0

db:NVDid:CVE-2006-0956

Trust: 1.7

db:VUPENid:ADV-2006-0762

Trust: 1.7

db:SECUNIAid:19046

Trust: 1.7

db:CNNVDid:CNNVD-200603-006

Trust: 0.6

db:VULHUBid:VHN-17064

Trust: 0.1

sources: VULHUB: VHN-17064 // BID: 16868 // CNNVD: CNNVD-200603-006 // NVD: CVE-2006-0956

REFERENCES

url:http://www.nufw.org/+nufw-1-21-minor-security-fix+.html

Trust: 2.0

url:http://www.securityfocus.com/bid/16868

Trust: 1.7

url:http://secunia.com/advisories/19046

Trust: 1.7

url:http://www.vupen.com/english/advisories/2006/0762

Trust: 1.1

url:http://www.frsirt.com/english/advisories/2006/0762

Trust: 0.6

url:http://www.nufw.org/

Trust: 0.3

sources: VULHUB: VHN-17064 // BID: 16868 // CNNVD: CNNVD-200603-006 // NVD: CVE-2006-0956

CREDITS

The vendor disclosed this issue.

Trust: 0.9

sources: BID: 16868 // CNNVD: CNNVD-200603-006

SOURCES

db:VULHUBid:VHN-17064
db:BIDid:16868
db:CNNVDid:CNNVD-200603-006
db:NVDid:CVE-2006-0956

LAST UPDATE DATE

2024-11-23T22:15:16.430000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-17064date:2011-03-08T00:00:00
db:BIDid:16868date:2006-03-03T06:11:00
db:CNNVDid:CNNVD-200603-006date:2006-03-03T00:00:00
db:NVDid:CVE-2006-0956date:2024-11-21T00:07:43.520

SOURCES RELEASE DATE

db:VULHUBid:VHN-17064date:2006-03-02T00:00:00
db:BIDid:16868date:2006-02-28T00:00:00
db:CNNVDid:CNNVD-200603-006date:2006-03-02T00:00:00
db:NVDid:CVE-2006-0956date:2006-03-02T23:02:00