[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2004-0230 RST DoS vulnerability in Lenny?

On 2010-02-11 22:55, JW wrote:
> Recently we've had a scanning vendor tell us our Debian Lenny 5.0.3 is 
> vulnerable to CVE-2004-0230:
>
> TCP/IP Sequence Prediction Blind Reset Spoofing DoS
>
> "It may be possible to send spoofed RST packets to the remote system."
>
> " . . . vulnerable to a sequence number
> approximation bug, which may allow an attacker to send
> spoofed RST packets to the remote host and close established
> connections . . . "
>
> When I tried to look up info about it - one pages lists "Linux" as vulnerable 
> (with no additional information) and I am not able to find anything about 
> Debian's status or relationship to it except possibly for 
> http://www.mail-archive.com/secure-testing-commits@lists.alioth.debian.org/msg01390.html 
> which possibly indicates it's fixed, or someone tried to fix it in 2005.
>   

That says:

 CVE-2004-0230 (TCP, when using a large Window Size, makes it easier for remote 
...)
        NOT-FOR-US: famous TCP RST bug


See here for more information, it seems it is something to care about
only if you do BGP routing:
http://lwn.net/Articles/81560/

See also redhat's statement on this:
http://www.redhat.com/security/data/cve/CVE-2004-0230.html

> Does anyone know anything about this? I'm needing some kind of fix or 
> work-around so I can satisfy the scan vendor. 
>   

Not-a-bug?

Best regards,
--Edwin
Reply to: