The original design of TCP does not check that the TCP Acknowledgement number in an ICMP error message generated by an intermediate router is within the range of possible values for data that has already been acknowledged (aka "TCP acknowledgement number checking"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged "Destination Unreachable" messages, (2) blind throughput-reduction attacks with forged "Source Quench" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
From 神龙GPT (AIGC)
TCP的原始设计不检查中间路由器生成的ICMP错误消息中的TCP确认编号是否在已经确认的数据的可能值范围内(即“TCP确认编号检查”)，这使攻击者更容易伪造特定TCP连接的ICMP错误消息并导致拒绝服务，可以使用(1)盲连接重置攻击伪造“目标不可达”消息，(2)盲吞吐量减少攻击伪造“源封停”消息，或(3)盲吞吐量减少攻击伪造ICMP消息，导致路径MTU降低。注意：CVE-2004-0790、CVE-2004-0791和CVE-2004-1060根据不同的攻击 Split;CVE-2005-0065、CVE-2005-0066、CVE-2005-0067和CVE-2005-0068是相关 identifiers，根据底层漏洞 Split。虽然CVE 通常根据漏洞 Split，但基于攻击的 identifiers 存在，是由于处理攻击的不同实现和解决方案的数量和多样性。