PUBLISHED DATE: October 5, 1998CVE-1999-1291:
Spoofing Vulnerability

Description

TCP/IP implementation in Microsoft Windows 95, Windows NT 4.0, and possibly others, allows remote attackers to reset connections by forcing a reset (RST) via a PSH ACK or other means, obtaining the target's last sequence number from the resulting packet, then spoofing a reset to the target.

Products

• Microsoft Windows 95
• Microsoft Windows 95
• Microsoft windows 95_gold
• Microsoft windows 95_osr2.1
• Microsoft windows 95_osr2.5
• Microsoft windows 95_osr2
• Microsoft windows 95_sp1
• Microsoft Windows 95 SR2
• Microsoft Windows NT 4.0
• Microsoft Windows NT 4.0 Embedded Edition x64
• Microsoft Windows NT 4.0 Embedded Edition x86
• Microsoft Windows NT 4.0 Enterprise Edition x64
• Microsoft Windows NT 4.0 Enterprise Edition x86
• Microsoft Windows NT 4.0 Server Edition x64
• Microsoft Windows NT 4.0 Server Edition x86
• Microsoft Windows NT 4.0 Terminal Server Edition x64
• Microsoft Windows NT 4.0 Terminal Server Edition x86
• Microsoft Windows NT 4.0 Workstation Edition x64
• Microsoft Windows NT 4.0 Workstation Edition x86
• Microsoft Windows 4.0 gold
• Microsoft Windows 4.0 gold embedded
• Microsoft Windows 4.0 gold enterprise
• Microsoft Windows 4.0 gold server
• Microsoft Windows NT 4.0 Terminal Server Edition (Initial release)
• Microsoft Windows 4.0 gold workstation
• Microsoft Windows 4.0 sp1
• Microsoft Windows NT 4.0 Service Pack 1 Embedded Edition x64
• Microsoft Windows NT 4.0 Service Pack 1 Embedded Edition x86
• Microsoft Windows NT 4.0 Service Pack 1 Enterprise Edition x64
• Microsoft Windows NT 4.0 Service Pack 1 Enterprise Edition x86
• Microsoft Windows NT 4.0 Service Pack 1 Server Edition x64
• Microsoft Windows NT 4.0 Service Pack 1 Server Edition x86
• Microsoft Windows NT 4.0 Service Pack 1 Terminal Server Edition x64
• Microsoft Windows NT 4.0 Service Pack 1 Terminal Server Edition x86
• Microsoft Windows NT 4.0 Service Pack 1 Workstation Edition x64
• Microsoft Windows NT 4.0 Service Pack 1 Workstation Edition x86
• Microsoft Windows 4.0 sp1 embedded
• Microsoft Windows 4.0 sp1 enterprise
• Microsoft Windows 4.0 sp1 server
• Microsoft Windows NT Terminal Server 4.0 SP1
• Microsoft Windows 4.0 sp1 workstation
• Microsoft Windows 4.0 sp2
• Microsoft Windows NT 4.0 Service Pack 2 Embedded Edition x64
• Microsoft Windows NT 4.0 Service Pack 2 Embedded Edition x86
• Microsoft Windows NT 4.0 Service Pack 2 Enterprise Edition x64
• Microsoft Windows NT 4.0 Service Pack 2 Enterprise Edition x86
• Microsoft Windows NT 4.0 Service Pack 2 Server Edition x64
• Microsoft Windows NT 4.0 Service Pack 2 Server Edition x86
• Microsoft Windows NT 4.0 Service Pack 2 Terminal Server Edition x64
• Microsoft Windows NT 4.0 Service Pack 2 Terminal Server Edition x86
• Microsoft Windows NT 4.0 Service Pack 2 Workstation Edition x64
• Microsoft Windows NT 4.0 Service Pack 2 Workstation Edition x86
• Microsoft Windows 4.0 sp2 embedded
• Microsoft Windows 4.0 sp2 enterprise
• Microsoft Windows 4.0 sp2 server
• Microsoft Windows NT Terminal Server 4.0 SP2
• Microsoft Windows 4.0 sp2 workstation
• Microsoft Windows 4.0 sp3
• Microsoft Windows NT 4.0 Service Pack 3 Embedded Edition x64
• Microsoft Windows NT 4.0 Service Pack 3 Embedded Edition x86
• Microsoft Windows NT 4.0 Service Pack 3 Enterprise Edition x64
• Microsoft Windows NT 4.0 Service Pack 3 Enterprise Edition x86
• Microsoft Windows NT 4.0 Service Pack 3 Server Edition x64
• Microsoft Windows NT 4.0 Service Pack 3 Server Edition x86
• Microsoft Windows NT 4.0 Service Pack 3 Terminal Server Edition x64
• Microsoft Windows NT 4.0 Service Pack 3 Terminal Server Edition x86
• Microsoft Windows NT 4.0 Service Pack 3 Workstation Edition x64
• Microsoft Windows NT 4.0 Service Pack 3 Workstation Edition x86
• Microsoft Windows 4.0 sp3 embedded
• Microsoft Windows 4.0 sp3 enterprise
• Microsoft Windows 4.0 sp3 server
• Microsoft Windows NT Terminal Server 4.0 SP3
• Microsoft Windows 4.0 sp3 workstation
• Microsoft Windows 4.0 sp4
• Microsoft Windows NT 4.0 Service Pack 4 Embedded Edition x64
• Microsoft Windows NT 4.0 Service Pack 4 Embedded Edition x86
• Microsoft Windows NT 4.0 Service Pack 4 Enterprise Edition x64
• Microsoft Windows NT 4.0 Service Pack 4 Enterprise Edition x86
• Microsoft Windows NT 4.0 Service Pack 4 Server Edition x64
• Microsoft Windows NT 4.0 Service Pack 4 Server Edition x86
• Microsoft Windows NT 4.0 Service Pack 4 Terminal Server Edition x64
• Microsoft Windows NT 4.0 Service Pack 4 Terminal Server Edition x86
• Microsoft Windows NT 4.0 Service Pack 4 Workstation Edition x64
• Microsoft Windows NT 4.0 Service Pack 4 Workstation Edition x86
• Microsoft Windows 4.0 sp4 embedded
• Microsoft Windows 4.0 sp4 enterprise
• Microsoft Windows 4.0 sp4 server
• Microsoft Windows NT Terminal Server 4.0 SP4
• Microsoft Windows 4.0 sp4 workstation
• Microsoft Windows 4.0 sp5
• Microsoft Windows NT 4.0 Service Pack 5 Embedded Edition x64
• Microsoft Windows NT 4.0 Service Pack 5 Embedded Edition x86
• Microsoft Windows NT 4.0 Service Pack 5 Enterprise Edition x64
• Microsoft Windows NT 4.0 Service Pack 5 Enterprise Edition x86
• Microsoft Windows NT 4.0 Service Pack 5 Server Edition x64
• Microsoft Windows NT 4.0 Service Pack 5 Server Edition x86
• Microsoft Windows NT 4.0 Service Pack 5 Terminal Server Edition x64
• Microsoft Windows NT 4.0 Service Pack 5 Terminal Server Edition x86
• Microsoft Windows NT 4.0 Service Pack 5 Workstation Edition x64
• Microsoft Windows NT 4.0 Service Pack 5 Workstation Edition x86
• Microsoft Windows 4.0 sp5 embedded
• Microsoft Windows 4.0 sp5 enterprise
• Microsoft Windows 4.0 sp5 server
• Microsoft Windows NT Terminal Server 4.0 SP5
• Microsoft Windows 4.0 sp5 workstation
• Microsoft Windows 4.0 sp6
• Microsoft Windows NT 4.0 Service Pack 6 Embedded Edition x64
• Microsoft Windows NT 4.0 Service Pack 6 Embedded Edition x86
• Microsoft Windows NT 4.0 Service Pack 6 Enterprise Edition x64
• Microsoft Windows NT 4.0 Service Pack 6 Enterprise Edition x86
• Microsoft Windows NT 4.0 Service Pack 6 Server Edition x64
• Microsoft Windows NT 4.0 Service Pack 6 Server Edition x86
• Microsoft Windows NT 4.0 Service Pack 6 Terminal Server Edition x64
• Microsoft Windows NT 4.0 Service Pack 6 Terminal Server Edition x86
• Microsoft Windows NT 4.0 Service Pack 6 Workstation Edition x64
• Microsoft Windows NT 4.0 Service Pack 6 Workstation Edition x86
• Microsoft Windows 4.0 sp6 embedded
• Microsoft Windows 4.0 sp6 enterprise
• Microsoft Windows 4.0 sp6 server
• Microsoft Windows NT Terminal Server 4.0 SP6
• Microsoft Windows 4.0 sp6 workstation
• Microsoft Windows 4.0 sp6a
• Microsoft Windows NT 4.0 Service Pack 6a Embedded Edition x64
• Microsoft Windows NT 4.0 Service Pack 6a Embedded Edition x86
• Microsoft Windows NT 4.0 Service Pack 6a Enterprise Edition x64
• Microsoft Windows NT 4.0 Service Pack 6a Enterprise Edition x86
• Microsoft Windows NT 4.0 Service Pack 6a Server Edition x64
• Microsoft Windows NT 4.0 Service Pack 6a Server Edition x86
• Microsoft Windows NT 4.0 Service Pack 6a Terminal Server Edition x64
• Microsoft Windows NT 4.0 Service Pack 6a Terminal Server Edition x86
• Microsoft Windows NT 4.0 Service Pack 6a Workstation Edition x64
• Microsoft Windows NT 4.0 Service Pack 6a Workstation Edition x86
• Microsoft Windows 4.0 sp6a embedded
• Microsoft Windows 4.0 sp6a enterprise
• Microsoft Windows 4.0 sp6a server
• Microsoft Windows NT Terminal Server 4.0 SP6a
• Microsoft Windows 4.0 sp6a workstation
• Microsoft Windows NT 4.0 Post Service Pack 6a Security Rollup
• Microsoft Windows NT 4.0 Embedded Post Service Pack 6a Security Rollup
• Microsoft Windows NT 4.0 Enterprise Edition Post Service Pack 6a Security Rollup
• Microsoft Windows NT 4.0 Server Post Service Pack 6a Security Rollup
• Microsoft Windows NT 4.0 Service Roll-up Terminal Server
• Microsoft Windows NT 4.0 Workstation Post Service Pack 6a Security Rollup

Questions to Ask Vendors

1. Can you confirm whether your systems are affected by CVE-1999-1291, and if so, what steps are you currently taking to mitigate this vulnerability?
2. What is your estimated timeline for fully resolving CVE-1999-1291 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions

• Check out the advisory links provided below.

References

• https://nvd.nist.gov/vuln/detail/CVE-1999-1291