TCP: Zero Option Length
This protocol anomaly triggers when it detects an option with a specified length of zero (which is invalid). Because this can be an attempt to force a vulnerable TCP stack into an infinite loop, it is recommended to drop these packets.
Extended Description
Roaring Penguin Software's PPPoE is a freeware PPP over Ethernet client often used by ADSL subscribers running Linux or NetBSD. PPPoE contains a possibly remotely exploitable denial of service vulnerability in its handling of TCP packets when the Clamp_MSS option is used. If PPPoE recieves a malformed TCP packet with a "zero-length option", PPPoE will go into an infinite loop. As a result, the ppp connection being supported by PPPoE will time out and be terminated. A manual re-start is needed to regain functionality. This bug has been fixed by Roaring Penguin Software in a new version, see the solutions section.
Affected Products
Roaring_penguin_software pppoe,Red_hat linux
Short Name
TCP:OPTERR:ZERO-LENGTH
Severity
Critical
Recommended
False
Recommended Action
Drop Packet
Category
TCP
Keywords
CVE-2001-0026 bid:2098
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Red_hat
Roaring_penguin_software
CVSS Score
5.0