Búsqueda de    
Vulnerabilidad   
    Buscar 191973 Descripciones CVE y
86218 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.105921
Categoría:JunOS Local Security Checks
Título:Junos TCP Packet Processing Denial of Service Vulnerability
Resumen:DoS in TCP packet processing
Descripción:Summary:
DoS in TCP packet processing

Vulnerability Insight:
For an established TCP session, TCP input validation only ensures
that sequence numbers are within the acceptable window prior to examining whether the SYN flag is set on
the segment. If the SYN flag is set, the TCP stack drops the session and sends a RST segment to the other
side. This issue only affects TCP sessions terminating on the router. Transit traffic and TCP Proxy services
are unaffected by this vulnerability.

Vulnerability Impact:
An attacker who can guess an in-window sequence number, source and
destination address and port numbers can exploit this vulnerability to reset any established TCP session.

Affected Software/OS:
Junos OS 11.4, 12.1, 12.2, 12.3, 13.1, 13.2, 13.3

Solution:
New builds of Junos OS software are available from Juniper. As a
workaround enable TCP authentication, enable IPSec, enable the system to send ACKs for in-window RSTs and
SYN packets, enable a stateful firewall to block SYN packets on existing sessions.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: BugTraq ID: 10183
Common Vulnerability Exposure (CVE) ID: CVE-2004-0230
http://www.securityfocus.com/bid/10183
Bugtraq: 20040425 Perl code exploting TCP not checking RST ACK. (Google Search)
http://marc.info/?l=bugtraq&m=108302060014745&w=2
Cert/CC Advisory: TA04-111A
http://www.us-cert.gov/cas/techalerts/TA04-111A.html
CERT/CC vulnerability note: VU#415294
http://www.kb.cert.org/vuls/id/415294
Cisco Security Advisory: 20040420 TCP Vulnerabilities in Multiple IOS-Based Cisco Products
http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml
HPdes Security Advisory: HPSBST02161
http://www.securityfocus.com/archive/1/449179/100/0/threaded
HPdes Security Advisory: SSRT061264
HPdes Security Advisory: SSRT4696
http://marc.info/?l=bugtraq&m=108506952116653&w=2
http://www.uniras.gov.uk/vuls/2004/236929/index.htm
Microsoft Security Bulletin: MS05-019
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-019
Microsoft Security Bulletin: MS06-064
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-064
NETBSD Security Advisory: NetBSD-SA2004-006
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-006.txt.asc
http://www.osvdb.org/4030
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2689
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A270
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3508
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4791
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5711
SCO Security Bulletin: SCOSA-2005.14
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.14/SCOSA-2005.14.txt
SCO Security Bulletin: SCOSA-2005.3
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.3/SCOSA-2005.3.txt
SCO Security Bulletin: SCOSA-2005.9
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.9/SCOSA-2005.9.txt
http://secunia.com/advisories/11440
http://secunia.com/advisories/11458
http://secunia.com/advisories/22341
SGI Security Advisory: 20040403-01-A
ftp://patches.sgi.com/support/free/security/advisories/20040403-01-A.asc
http://www.vupen.com/english/advisories/2006/3983
XForce ISS Database: tcp-rst-dos(15886)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15886
CopyrightThis script is Copyright (C) 2014 Greenbone Networks GmbH

Esta es sólo una de 86218 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2020 E-Soft Inc. Todos los derechos reservados.