CVE-2004-1060
ICMP and TCP - Denial of Service via Forged ICMP Fragmentation Needed Packets
Title source: llm
Exploitation Summary
EIP tracks 2 public exploits for CVE-2004-1060. PoCs published by Fernando Gont.
AI-analyzed exploit summary: The document describes multiple ICMP-based denial-of-service vulnerabilities (CVE-2004-1060, CAN-2004-0790, CAN-2004-0791) affecting various TCP/IP implementations, including blind connection-reset, ICMP Source Quench, and PMTUD attacks. No exploit code is provided; it is purely informational.
Description
Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Exploits (2)
The document describes multiple ICMP-based denial-of-service vulnerabilities (CVE-2004-1060, CAN-2004-0790, CAN-2004-0791) affecting various TCP/IP implementations, including blind connection-reset, ICMP Source Quench, and PMTUD attacks. No exploit code is provided; it is purely informational.
This exploit demonstrates a DoS vulnerability in Windows by crafting a malformed IP packet with an option size of 39, which exceeds the maximum allowed size of 40 bytes for the IP options field. The code constructs a raw IP packet with a TCP payload and sends it to the target, causing a crash due to an off-by-one error in the IP stack.