• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Nestea variation of teardrop IP fragmentation denial of service.
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Assigning CNA
MITRE Corporation
Date Record Created
19990607 Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Proposed (19990726)
Votes (Legacy)
ACCEPT(1) Wall
MODIFY(1) Frech
REVIEWING(1) Christey
Comments (Legacy)
 Frech> XF:nestea-linux-dos
 Christey> Not sure how many separate "instances" of Teardrop
   and its ilk.  Also see comments on CVE-1999-0001.
   See: CVE-1999-0015, CVE-1999-0104, CVE-1999-0257, CVE-1999-0258
   Is CVE-1999-0001 the same as CVE-1999-0052?  That one is related
   to nestea (CVE-1999-0257) and probably the one described in
   BUGTRAQ:19981023 nestea v2 against freebsd 3.0-Release
   The patch for nestea is in ip_input.c around line 750.
   The patches for CVE-1999-0001 are in lines 388&446.  So, 
   CVE-1999-0001 is different from CVE-1999-0257 and CVE-1999-0052.
   The FreeBSD patch for CVE-1999-0052 is in line 750.
   So, CVE-1999-0257 and CVE-1999-0052 may be the same, though
   CVE-1999-0052 should be RECAST since this bug affects Linux
   and other OSes besides FreeBSD.
   Also see BUGTRAQ:19990909 CISCO and nestea.
   Finally, note that there is no fundamental difference between
   nestea and nestea2/nestea-v2; they are different ports that
   exploit the same problem.
   The original nestea advisory is at
   but notice that the suggested fix is in line 375 of
   ip_fragment.c, not ip_input.c.
 Christey> See the SCO advisory at:
   which may further clarify the issue.
 Christey> BUGTRAQ:19980501 nestea does other things
   BUGTRAQ:19980508 nestea2 and HP Jet Direct cards.
   BUGTRAQ:19981027 nestea v2 against freebsd 3.0-Release
   Nestea source code is in

Proposed (Legacy)
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.