• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
A remote attacker can sometimes identify the operating system of a host based on how it reacts to some IP or ICMP packets, using a tool such as nmap or queso.
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Assigning CNA
MITRE Corporation
Date Record Created
19990607 Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Proposed (19990728)
Votes (Legacy)
MODIFY(1) Frech
NOOP(2) Christey, Wall
REJECT(2) Baker, Northcutt
Comments (Legacy)
 Northcutt> Nmap and queso are the tip of the iceberg and not the most advanced
   ways to accomplish this.  To pursue making the world signature free
   is as much a vulnerability as having signatures, nay more.
 Frech> XF:decod-nmap(2053)
 Christey> Add "fingerprinting" to facilitate search.
   Some references:
   BUGTRAQ:19981228 A few more fingerprinting techniques - time and netmask
   BUGTRAQ:19990222 Preventing remote OS detection
   BUGTRAQ:20000901 ICMP Usage In Scanning v2.0 - Research Paper
   BUGTRAQ:20000912 Using the Unused (Identifying OpenBSD,
   BUGTRAQ:20000912 The DF Bit Playground (Identifying Sun Solaris & OpenBSD OSs)
   BUGTRAQ:20000816 TOSing OSs out of the window / Fingerprinting Windows 2000 with
   BUGTRAQ:20000609 p0f - passive os fingerprinting tool
 Baker> I think we can probably reject this as the corollary is that you can identify OS from a IP/TCP packet sent by a system, looking at various parts of the SYN packet.  Unless we believe that all systems should always use identical packet header/identical responses, in which case the protocol should not permit variation.

Proposed (Legacy)
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.