OSVDB ID: 4030

Title: TCP/IP Sequence Prediction Blind Reset Spoofing DoS

Info

Disclosure

Apr 20, 2004

Discovery

Jul 30, 2003

Dates

Exploit

Unknown

Solution

Unknown

Description

The TCP stack implementation of numerous vendors contains a flaw that may allow a remote denial of service. The issue is triggered when spoofed TCP Reset packets are received by the targeted TCP stack, and will result in loss of availability for the attacked TCP services.

Classification

Location: Local Access Required, Remote / Network Access
Attack Type: Denial of Service, Infrastructure
Impact: Loss of Availability
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Install vendor upgrades or patches to resolve this issue. Routers using BGP are highly recommended to implement RFC-2385 (BGP TCP MD5 Signatures) as a work-around.

Products

Check Point Software Technologies, Inc.

FireWall-1

Prior to R55 HFA-03

Cisco Systems, Inc.

IOS

All Versions

Cray, Inc.

Unicos

All Versions

Hewlett-Packard Development Company, L.P.

HP-UX

All Versions

Internet Security Systems

Proventia M Series

1.5

Juniper Networks, Inc.

Router

All Versions

Linux

Linux

All Versions

Microsoft Corporation

Windows

All Versions

Nokia

IPSO

All Versions

References

Secunia Advisory ID: 11443 11444 11445 11447 11448 11458 11462 11679 11682 12682 14946 22341
ISS X-Force ID: 15886
CVE ID: 2004-0230 (see also: NVD)
SCIP VulDB ID: 2599 2600
Milw0rm: 276 291
Exploit Database: 276 291
Related OSVDB ID: 29429 6094
CERT VU: 415294
Microsoft Knowledge Base Article: 922819
CERT: CA-2001-09
Vendor Specific Advisory URL: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-006.txt.asc http://securityresponse.symantec.com/avcenter/security/Content/2005.05.02.html
http://support.avaya.com/elmodocs2/security/ASA-2005-097_SCASA-2005-14.pdf
http://www.bluecoat.com/support/knowledge/advisory_tcp_can-2004-0230.html
http://www.checkpoint.com/techsupport/alerts/tcp_dos.html
http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml
http://www.juniper.net/support/alert.html
http://www.juniper.net/support/security/alerts/niscc-236929.txt
http://www.vmware.com/support/kb/enduser/std_adp.php?p_sid=FsNALBWh&p_lva=&p_faqid=1535
http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01077
Other Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20040905-01-P.asc http://www.jpcert.or.jp/at/2004/at040003.txt
http://www.seil.jp/en/ann/announce_en_20040421_01.txt
http://www.uniras.gov.uk/vuls/2004/236929/index.htm
http://xforce.iss.net/xforce/alerts/id/170
Other Solution URL: http://isc.sans.org/diary.php?date=2004-04-20
Generic Informational URL: http://nytimes.com/aponline/technology/AP-Internet -Threat.html
http://slashdot.org/articles/04/04/20/1738217.shtml?tid=126&tid=128&tid=172&tid=95
http://www.cnn.com/2004/TECH/internet/04/20/internet.threat/index.html
http://www.eweek.com/article2/0,1759,1571185,00.asp
http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcpsecure-00.txt
http://www.ietf.org/rfc/rfc0793.txt
http://www.msnbc.msn.com/id/4788445/
http://www.osvdb.org/ref/04/04030-SlippingInTheWindow_v1.0.doc
http://www.osvdb.org/ref/04/04030-SlippingInTheWindow_v1.0.ppt
Generic Exploit URL: http://www.osvdb.org/ref/04/04030-exploit.zip
http://www.packetstormsecurity.org/0404-exploits/bgp-dosv2.pl
http://www.packetstormsecurity.org/0404-exploits/disconn.py
http://www.packetstormsecurity.org/0404-exploits/Kreset.pl
http://www.packetstormsecurity.org/0404-exploits/reset-tcp.c
http://www.packetstormsecurity.org/0404-exploits/reset-tcp_rfc31337-compliant.c
http://www.packetstormsecurity.org/0404-exploits/reset.zip
http://www.packetstormsecurity.org/0404-exploits/tcp_reset.c
http://www.packetstormsecurity.org/0405-exploits/autoRST.c
http://www.packetstormsecurity.org/cisco/ttt-1.3r.tar.gz
Microsoft Security Bulletin: MS05-019 MS06-064
Keyword: Reset RFC-793 RST TCP
US-CERT Cyber Security Alert: TA04-111A

Credit

Paul (Tony) Watson - pawpaw.org - OSVDB

Direct URL: http://osvdb.org/4030