The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of TCP protocol

TCP: Blind Spoofing facilitated by SYN Cookies
When SYN Cookies are enabled, an attacker can optimize a brute force spoofed TCP session, which is 32 times faster...
TCP: packets injection via a firewall and a malware
When an attacker installed an unprivileged malware on a client computer, and when a firewall is located between this client and a TCP server, an attacker who is located on the internet can guess valid sequence numbers, in order to inject data in this TCP session...
FGA-2012-19, sk74640, VIGILANCE-VUL-11656
TCP, Firewalls: TCP Split Handshake
An attacker owing a malicious server can use a special TCP initialization sequence, in order to force the firewall to open a TCP session to the client...
CSCth67416, CSCtn29288, CSCtn29349, KB20877, PSN-2011-04-229, VIGILANCE-VUL-10590
TCP: denial of service Sockstress
An attacker can use a small TCP Window, in order to overload a TCP server...
109444, 110132, 267088, 6759500, 967723, BID-31545, c01923093, CERTA-2009-ALE-017-003, cisco-sa-20090908-tcp24, cisco-sr-20081017-tcp, cpujul2012, CVE-2008-4609, FICORA #193744, HPSBMI02473, MS09-048, SA34, SA35, SA36, SA37, SA38, SA40, SA41, sk42723, sk42725, SOL10509, SOL7301, SOL9293, SSRT080138, SUSE-SA:2009:047, VIGILANCE-VUL-8139, VU#723308
TCP: denial of service Nkiller2
An attacker can use TCP Windows with a zero size in order to overload a TCP server...
109444, 110132, 267088, 6759500, 967723, CERTA-2009-ALE-017-003, cisco-sa-20090908-tcp24, cisco-sr-20081017-tcp, FICORA #193744, MS09-048, SA34, SA35, SA36, SA37, SA38, SA40, SA41, sk42723, sk42725, SOL10509, SOL7301, SOL9293, SUSE-SA:2009:047, VIGILANCE-VUL-8844
TCP: denial of service ACK Storm
An attacker can inject a TCP packet in order to generate a ACK Storm...
102206, 4511681, CERTA-2006-AVI-326, CVE-2006-3920, VIGILANCE-VUL-6042
Linux, IOS: using computer for an idle scan
An attacker can use the computer to do an idle scan on another computer...
BID-17109, CERTA-2002-AVI-035, CVE-2006-1242, DSA-1097-1, DSA-1103-1, MDKSA-2006:086, MDKSA-2006:116, RHSA-2006:043, RHSA-2006:0437-01, RHSA-2006:057, RHSA-2006:0575-01, SUSE-SA:2006:028, VIGILANCE-VUL-5686
TCP: denial of service with optimistic acknowledgement
An attacker can prematurely send acknowledgement packets to force remote TCP stack to increase its sending rate...
BID-15468, PSN-2005-12-004, VIGILANCE-VUL-5359, VU#102014
TCP : déni de service à l'aide de paquets ICMP
Un attaquant peut envoyer de nombreux paquets ICMP dans le but d'interrompre une session TCP...
101658, 2005.05.02, 5084452, 899480, 922819, BID-13124, BID-13215, BID-13367, c00571568, c00576017, CERTA-2005-AVI-023, CERTA-2005-AVI-135, CERTA-2005-AVI-155, CERTA-2006-AVI-444, CISCO20050412a, CVE-2004-0790, CVE-2004-0791, CVE-2004-1060, CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, CVE-2005-0068, CVE-2005-1184, CVE-2005-1192, FLSA:157459-2, FLSA-2006:157459-1, FLSA-2006:157459-2, HP01137, HP01164, HP01210, HPSBTU01210, HPSBUX01137, HPSBUX01164, IY55949, IY55950, IY62006, IY63363, IY63364, IY63365, IY70026, IY70027, IY70028, K23440942, MS05-019, MS06-064, OpenBSD 34-027, OpenBSD 35-015, PSN-2004-09-009, RHSA-2005:043, SOL15792, SOL4583, SSRT4743, SSRT4884, SSRT5954, Sun Alert 57746, V6-TCPICMPERROR, VIGILANCE-VUL-4336, VU#222750
TCP : déni de service à l'aide de paquet Reset
En envoyant des paquets contenant le drapeau Reset et en prédisant certaines informations, un attaquant peut interrompre des sessions TCP actives...
20040403-01-A, 2005.05.02, 236929, 50960, 50961, 58784, 899480, 922819, BID-10183, BSA-2016-005, CERTA-2004-AVI-138, CERTA-2004-AVI-140, CERTA-2004-AVI-143, CERTFR-2014-AVI-308, CERTFR-2017-AVI-034, CERTFR-2017-AVI-044, CERTFR-2017-AVI-054, CERTFR-2017-AVI-131, CERTFR-2020-AVI-308, CISCO20040420a, CISCO20040420b, cisco-sa-20040420-tcp-ios, cisco-sa-20040420-tcp-nonios, CSCed27956, CSCed32349, CVE-2004-0230, FG-IR-16-039, FreeBSD-SA-14:19.tcp, HP01077, IY55949, IY55950, IY62006, IY63363, IY63364, IY63365, IY70026, IY70027, IY70028, JSA10638, MS05-019, MS06-064, NetBSD 2004-006, NetBSD-SA2004-006, Netscreen 58784, OpenBSD 34-019, OpenBSD 35-005, PSN-2012-08-686, PSN-2012-08-687, PSN-2012-08-688, PSN-2012-08-689, PSN-2012-08-690, SGI 20040403, SUSE-SU-2017:0333-1, SUSE-SU-2017:0437-1, SUSE-SU-2017:0494-1, SUSE-SU-2017:1102-1, V6-TCPRSTWINDOWDOS, VIGILANCE-VUL-4128, VU#415294
Our database contains other pages. You can request a free trial to read them.

Display information about TCP protocol: