CVE-2006-1242 — Vulnetix

Try Vulnetix Request Demo

CVE-2006-1242 PUBLISHED

Reported by mitre · Published March 15, 2006

The ip_push_pending_frames function in Linux 2.4.x and 2.6.x before 2.6.16 increments the IP ID field when sending a RST after receiving unsolicited TCP SYN-ACK packets, which allows remote attackers to conduct an Idle Scan (nmap -sI) attack, which bypasses intended protections against such attacks.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
n/a	n/a	n/a, n/a, n/a

Timeline

Mar 15, 2006 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Aug 31, 2023 EPSS Score

References

RHSA-2006:0437 vendor-advisoryx_refsource_REDHAT
ADV-2006-2554 vdb-entryx_refsource_VUPEN
x_refsource_CONFIRM
20060315 Re: Linux zero IP ID vulnerability? mailing-listx_refsource_BUGTRAQ
USN-281-1 vendor-advisoryx_refsource_UBUNTU
21136 third-party-advisoryx_refsource_SECUNIA
19402 third-party-advisoryx_refsource_SECUNIA
20060316 Re: Linux zero IP ID vulnerability? mailing-listx_refsource_BUGTRAQ
21983 third-party-advisoryx_refsource_SECUNIA
17109 vdb-entryx_refsource_BID
DSA-1097 vendor-advisoryx_refsource_DEBIAN
RHSA-2006:0575 vendor-advisoryx_refsource_REDHAT
20060314 Linux zero IP ID vulnerability? mailing-listx_refsource_BUGTRAQ
SUSE-SA:2006:028 vendor-advisoryx_refsource_SUSE
19955 third-party-advisoryx_refsource_SECUNIA
20060323 Re: Linux zero IP ID vulnerability? mailing-listx_refsource_BUGTRAQ
x_refsource_CONFIRM
DSA-1103 vendor-advisoryx_refsource_DEBIAN
21465 third-party-advisoryx_refsource_SECUNIA
oval:org.mitre.oval:def:10317 vdb-entrysignaturex_refsource_OVAL

…and 8 more

Open in Interactive Console →