| TC: | 12092 | |
| Description: | When opening a connection on a TCP port, an Initial Sequence Number (ISN) is given. If the ISN can be guessed, it is easy for an attacker to establish a connection while spoofing a legitimate user. This could give access to services that should not be reachable by any outsider. This test case checks that the ISN is not based on the clock of the target. Though defined in the RFC of TCP/IP, this makes stacks vulnerable to spoofing attacks. | |
| TC Impact: | Attack |
| Vulnerability Publication: | N/A | |
| Advisory Copyright: | N/A | |
| Summary: | It is possible to spoof legitimate users to establish connections to your host. | |
| Risk: | High | |
| CVSS 2.0 metrics: | Access Vector: Network; Access Complexity: High; Authentication: None; Confidentiality Impact: Complete; Integrity Impact: Complete; Availability Impact: Complete | |
| CVSS 2.0 Base Score: | 7.6 |
| Vulnerability Impact: | Attack |
| Host Impact: | Prediction of ISN sequences allows an attacker to launch IP address spoofing and session hijacking attacks. | |
| Nature of Remediation: | Update the software. |
| Step required to fix the reported vulnerability: | Solution type: Upgrade Software. Check with vendor for a fixed stack. |
| References: | MISC: Defending Against Sequence Number Attacks: http://www.ietf.org/rfc/rfc1948.txt; MISC: RFC 793: http://www.ietf.org/rfc/rfc793.txt |
| CVE Link: | GENERIC-MAP-NOMATCH |
| Glossary: | IP, TCP, TCP ISN, TCP port, TCP/IP, TCP/IP Stack |