Re: CVE-2004-0230 RST DoS vulnerability in Lenny?



On Thu, 11 Feb 2010 14:55:15 -0600 JW wrote:

> Recently we've had a scanning vendor tell us our Debian Lenny 5.0.3 is 
> vulnerable to CVE-2004-0230:
> 
> TCP/IP Sequence Prediction Blind Reset Spoofing DoS
> 
> "It may be possible to send spoofed RST packets to the remote system."
> 
> " . . . vulnerable to a sequence number
> approximation bug, which may allow an attacker to send
> spoofed RST packets to the remote host and close established
> connections . . . "
> 
> When I tried to look up info about it - one page lists "Linux" as vulnerable 
> (with no additional information) and I am not able to find anything about 
> Debian's status or relationship to it except possibly for 
> http://www.mail-archive.com/secure-testing-commits@lists.alioth.debian.org/msg01390.html 
> which possibly indicates it's fixed, or someone tried to fix it in 2005.
> 
> Does anyone know anything about this? I'm needing some kind of fix or 
> work-around so I can satisfy the scan vendor. 

It looks to be a known issue, which has been determined to be
unimportant in pretty much all circumstances (i.e. even if it is
successful, it just causes a disconnect, which isn't even an issue
since most configurations will just automatically reestablish). 

So unless you are doing BGP (Border Gateway Protocol) where disconnects
do have a major impact, I would seriously question the value you are
getting from a scan vendor who makes you worry about issues without
understanding the problem themselves first.

Mike

