On Thu, 11 Feb 2010 14:55:15 -0600 JW wrote: > Recently we've had a scanning vendor tell us our Debian Lenny 5.0.3 is > vulnerable to CVE-2004-0230: > > TCP/IP Sequence Prediction Blind Reset Spoofing DoS > > "It may be possible to send spoofed RST packets to the remote system." > > " . . . vulnerable to a sequence number > approximation bug, which may allow an attacker to send > spoofed RST packets to the remote host and close established > connections . . . " > > When I tried to look up info about it - one pages lists "Linux" as vulnerable > (with no additional information) and I am not able to find anything about > Debian's status or relationship to it except possibly for > http://www.mail-archive.com/[email protected]/msg01390.html > > which possibly indicates it's fixed, or someone tried to fix it in 2005. > > Does anyone know anything about this? I'm needing some kind of fix or > work-around so I can satisfy the scan vendor.
It looks to be a known issue, which has been determined to be unimportant in pretty much all circumstances (i.e. even if it is successful, it just causes a disconnect, which isn't even an issue since most configurations will just automatically restablish). So unless you are doing BGP (Border Gateway Protocol) where disconnects do have a major impact, I would seriously question the value you are getting from a scan vendor who makes you worry about issues without understanding the problem themselves first. Mike -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
