CVE-ID

CVE-1999-0454

• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
A remote attacker can sometimes identify the operating system of a host based on how it reacts to some IP or ICMP packets, using a tool such as nmap or queso.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Assigning CNA
MITRE Corporation
Date Entry Created
19990607 Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Proposed (19990728)
Votes (Legacy)
MODIFY(1) Frech
NOOP(2) Christey, Wall
REJECT(2) Baker, Northcutt
Comments (Legacy)
 Northcutt> Nmap and queso are the tip of the iceberg and not the most advanced
   ways to accomplish this.  To pursue making the world signature free
   is as much a vulnerability as having signatures, nay more.
 Frech> XF:decod-nmap(2053)
   XF:decod-queso(2048)
 Christey> Add "fingerprinting" to facilitate search.
   Some references:
   MISC:http://www.insecure.org/nmap/nmap-fingerprinting-article.html
   BUGTRAQ:19981228 A few more fingerprinting techniques - time and netmask
   http://marc.theaimsgroup.com/?l=bugtraq&m=91489155019895&w=2
   BUGTRAQ:19990222 Preventing remote OS detection
   http://marc.theaimsgroup.com/?l=bugtraq&m=91971553006937&w=2
   BUGTRAQ:20000901 ICMP Usage In Scanning v2.0 - Research Paper
   http://marc.theaimsgroup.com/?l=bugtraq&m=96791499611849&w=2
   BUGTRAQ:20000912 Using the Unused (Identifying OpenBSD,
   http://marc.theaimsgroup.com/?l=bugtraq&m=96879267724690&w=2
   BUGTRAQ:20000912 The DF Bit Playground (Identifying Sun Solaris & OpenBSD OSs)
   http://marc.theaimsgroup.com/?l=bugtraq&m=96879481129637&w=2
   BUGTRAQ:20000816 TOSing OSs out of the window / Fingerprinting Windows 2000 with
   http://marc.theaimsgroup.com/?l=bugtraq&m=96644121403569&w=2
   BUGTRAQ:20000609 p0f - passive os fingerprinting tool
   http://marc.theaimsgroup.com/?l=bugtraq&m=96062535628242&w=2
 Baker> I think we can probably reject this as the corollary is that you can identify OS from a IP/TCP packet sent by a system, looking at various parts of the SYN packet.  Unless we believe that all systems should always use identical packet header/identical responses, in which case the protocol should not permit variation.

Proposed (Legacy)
19990728
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.