[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2004-0230 RST DoS vulnerability in Lenny?

On Thu, 11 Feb 2010 14:55:15 -0600 JW wrote:

> Recently we've had a scanning vendor tell us our Debian Lenny 5.0.3 is 
> vulnerable to CVE-2004-0230:
> TCP/IP Sequence Prediction Blind Reset Spoofing DoS
> "It may be possible to send spoofed RST packets to the remote system."
> " . . . vulnerable to a sequence number
> approximation bug, which may allow an attacker to send
> spoofed RST packets to the remote host and close established
> connections . . . "
> When I tried to look up info about it - one pages lists "Linux" as vulnerable 
> (with no additional information) and I am not able to find anything about 
> Debian's status or relationship to it except possibly for 
> http://www.mail-archive.com/secure-testing-commits@lists.alioth.debian.org/msg01390.html 
> which possibly indicates it's fixed, or someone tried to fix it in 2005.
> Does anyone know anything about this? I'm needing some kind of fix or 
> work-around so I can satisfy the scan vendor. 

It looks to be a known issue, which has been determined to be
unimportant in pretty much all circumstances (i.e. even if it is
successful, it just causes a disconnect, which isn't even an issue
since most configurations will just automatically restablish). 

So unless you are doing BGP (Border Gateway Protocol) where disconnects
do have a major impact, I would seriously question the value you are
getting from a scan vendor who makes you worry about issues without
understanding the problem themselves first.


Reply to: