Re: CVE-2004-0230 RST DoS vulnerability in Lenny?
On 2010-02-11 22:55, JW wrote:
> Recently we've had a scanning vendor tell us our Debian Lenny 5.0.3 is
> vulnerable to CVE-2004-0230:
> TCP/IP Sequence Prediction Blind Reset Spoofing DoS
> "It may be possible to send spoofed RST packets to the remote system."
> " . . . vulnerable to a sequence number
> approximation bug, which may allow an attacker to send
> spoofed RST packets to the remote host and close established
> connections . . . "
> When I tried to look up info about it - one page lists "Linux" as vulnerable
> (with no additional information) and I am not able to find anything about
> Debian's status or relationship to it except possibly for
> which possibly indicates it's fixed, or someone tried to fix it in 2005.
CVE-2004-0230 (TCP, when using a large Window Size, makes it easier for remote
NOT-FOR-US: famous TCP RST bug
See here for more information, it seems it is something to care about
only if you do BGP routing:
See also Red Hat's statement on this:
> Does anyone know anything about this? I'm needing some kind of fix or
> work-around so I can satisfy the scan vendor.