| VID |
13001 |
| Severity |
30 |
| Port |
|
| Protocol |
TCP |
| Class |
Protocol |
| Detailed Description |
The TCP sequence number is predictable. FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, use an insufficiently random number generator to generate initial TCP sequence numbers (ISNs). With 3 consecutive random increments captured from the responses to 4 SYN packets sent to the target, an attacker can rebuild the random state of the remote machine. This information can then be used to predict the next random increments the remote machine will make. The attacker can then send packets that are forged to appear to come from trusted machines. These forged packets can compromise services such as rsh and rlogin, because their authentication is based on IP addresses. Attackers can also perform IP address spoofing and session hijacking to gain access to the target system.
* References: http://www.securityfocus.com/bid/1766, ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:52.tcp-iss.asc |
| Recommendation |
For FreeBSD, obtain and apply the latest patch from FreeBSD-SA-00:52: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:52.tcp-iss.asc |
| Related URL |
CVE-2000-0916 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|