CVE-2008-4609

BSD and Cisco IOS - Denial of Service via TCP State Table Manipulation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4609. PoCs published by mrclki.

AI-analyzed exploit summary This repository contains a functional Go implementation of the Sockstress (CVE-2008-4609) denial-of-service attack. It crafts and sends malformed TCP packets to exploit a vulnerability in TCP stack implementations, causing resource exhaustion on the target system.

Description

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.

Exploits (1)

nomisec WORKING POC 17 stars

by mrclki · poc

https://github.com/mrclki/sockstress

View Code ZIP pw:eip

This repository contains a functional Go implementation of the Sockstress (CVE-2008-4609) denial-of-service attack. It crafts and sends malformed TCP packets to exploit a vulnerability in TCP stack implementations, causing resource exhaustion on the target system.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: TCP stack implementations (various vendors)

No auth needed

Prerequisites: Network access to the target system · Ability to send raw TCP packets

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (15)

Core 15

Core References

Broken Link x_refsource_misc

http://blog.robertlee.name/2008/10/conjecture-speculation.html

Broken Link x_refsource_misc

https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html

Third Party Advisory vendor-advisory x_refsource_hp

http://marc.info/?l=bugtraq&m=125856010926699&w=2

Broken Link mailing-list x_refsource_mlist

http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html

Broken Link x_refsource_misc

http://insecure.org/stf/tcp-dos-attack-explained.html

Broken Link x_refsource_misc

http://www.outpost24.com/news/news-2008-10-02.html

Broken Link x_refsource_misc

http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf

Broken Link vendor-advisory x_refsource_cisco

http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA09-251A.html

Third Party Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html

Broken Link vendor-advisory x_refsource_cisco

http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html

Patch, Third Party Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048

Broken Link x_refsource_misc

http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked

Broken Link vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6340

Broken Link vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

Scores

EPSS 0.0171

EPSS Percentile 82.6%

Details

CWE

CWE-16

Status published

Products (50)

bsd/bsd

bsd/bsd 4.1

bsd/bsd 4.2

bsd/bsd 4.3

bsd/bsd 4.4

bsdi/bsd_os

bsdi/bsd_os 1.1

bsdi/bsd_os 2.0

bsdi/bsd_os 2.0.1

bsdi/bsd_os 2.1

... and 40 more

Published Oct 20, 2008

Tracked Since Feb 18, 2026