CVE-ID

CVE-2000-0692

• Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
ISS RealSecure 3.2.1 and 3.2.2 allows remote attackers to cause a denial of service via a flood of fragmented packets with the SYN flag set.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Assigning CNA
N/A
Date Entry Created
20000919 Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20001010-1)
Votes (Legacy)
ACCEPT(2) Cole, Levy
MODIFY(1) Frech
NOOP(1) Wall
REVIEWING(1) Christey
Comments (Legacy)
 Frech> XF:realsecure-rskill-dos
 Christey> CHANGEREF XF:realsecure-rskill-dos to XF:realsecure-frag-syn-dos?
   http://xforce.iss.net/static/5133.php
 CHANGE> [Christey changed vote from NOOP to REVIEWING]
 Christey> In an email to issforum@iss.net on September 7, 2000, ISS says
   that Network Sensor 3.2.2 is affected by SYN flooding, but
   RealSecure 5.0 is not affected by Syn flooding.  In addition,
   they could not find conclusive evidence that RS 3.2.2 or 5.0
   was affected by IP fragmentation.  This seems to indicate
   that there are 2 *possible* problems: syn flooding (acknowledged
   by ISS) and fragmentation (unconfirmed).  Perhaps this
   candidate needs to be split, or its description should be
   rewritten to separate the 2 reported problems.
 Frech> XF:realsecure-rskill-dos(5133)

Proposed (Legacy)
20000921
This is an entry on the CVE list, which standardizes names for security problems.