
Test ID:
Category: JunOS Local Security Checks
Title: Junos TCP Packet Processing Denial of Service Vulnerability
Summary: DoS in TCP packet processing

Vulnerability Insight:
For an established TCP session, TCP input validation only ensures
that sequence numbers are within the acceptable window prior to examining whether the SYN flag is set on
the segment. If the SYN flag is set, the TCP stack drops the session and sends a RST segment to the other
side. This issue only affects TCP sessions terminating on the router. Transit traffic and TCP Proxy services
are unaffected by this vulnerability.

Vulnerability Impact:
An attacker who can guess an in-window sequence number, source and
destination address and port numbers can exploit this vulnerability to reset any established TCP session.

Affected Software/OS:
Junos OS 11.4, 12.1, 12.2, 12.3, 13.1, 13.2, 13.3

New builds of Junos OS software are available from Juniper. As a
workaround, enable TCP authentication, enable IPSec, enable the system to send ACKs for in-window RSTs and
SYN packets, enable a stateful firewall to block SYN packets on existing sessions.
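
The following C model is an added example, not code from Juniper or from the test script. It contrasts the input check described under Vulnerability Insight with the "send ACKs for in-window RSTs and SYN packets" workaround. The hardened path follows RFC 5961 challenge ACKs, which is an assumption about what the workaround implements; the struct, function names and sample values are illustrative.

```c
#include <stdint.h>
#include <stdio.h>

#define TH_SYN 0x02
#define TH_RST 0x04

/* IGNORE: segment not accepted, session state untouched (reply ACKs not modelled). */
enum action { IGNORE, PROCESS, RESET_SESSION, CHALLENGE_ACK };

/* Receive state of one established session; field names are illustrative. */
struct tcb { uint32_t rcv_nxt, rcv_wnd; };

/* Wrap-safe test for RCV.NXT <= seq < RCV.NXT + RCV.WND (mod 2^32). */
static int in_window(const struct tcb *t, uint32_t seq)
{
    return (uint32_t)(seq - t->rcv_nxt) < t->rcv_wnd;
}

/* Affected behaviour: window check first, then any SYN or RST drops the session. */
enum action legacy_input(const struct tcb *t, uint32_t seq, uint8_t flags)
{
    if (!in_window(t, seq))
        return IGNORE;
    return (flags & (TH_SYN | TH_RST)) ? RESET_SESSION : PROCESS;
}

/* Workaround behaviour (RFC 5961 style): answer with an ACK instead of resetting. */
enum action hardened_input(const struct tcb *t, uint32_t seq, uint8_t flags)
{
    if (flags & TH_RST) {
        if (!in_window(t, seq))
            return IGNORE;
        /* Only an exact match on RCV.NXT may reset; other in-window RSTs are challenged. */
        return seq == t->rcv_nxt ? RESET_SESSION : CHALLENGE_ACK;
    }
    if (flags & TH_SYN)
        return CHALLENGE_ACK;   /* a SYN on an established session never resets it */
    return in_window(t, seq) ? PROCESS : IGNORE;
}

int main(void)
{
    struct tcb t = { 1000u, 65535u };   /* constructed sample session state */
    uint32_t guess = 40000u;            /* in-window, but not RCV.NXT */
    printf("legacy   SYN: %d\n", legacy_input(&t, guess, TH_SYN));
    printf("hardened SYN: %d\n", hardened_input(&t, guess, TH_SYN));
    printf("hardened RST: %d\n", hardened_input(&t, guess, TH_RST));
    return 0;
}
```

With the hardened check, a forged segment has to match the exact next expected sequence number rather than any value inside the receive window, and a genuine peer that lost state recovers through the ACK exchange.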

CVSS Score:

CVSS Vector:

Cross-reference: BugTraq ID: 10183
Common Vulnerability Exposure (CVE) ID: CVE-2004-0230
Bugtraq: 20040425 Perl code exploting TCP not checking RST ACK.
Cert/CC Advisory: TA04-111A
CERT/CC vulnerability note: VU#415294
Cisco Security Advisory: 20040420 TCP Vulnerabilities in Multiple IOS-Based Cisco Products
HPdes Security Advisory: HPSBST02161
HPdes Security Advisory: SSRT061264
HPdes Security Advisory: SSRT4696
Microsoft Security Bulletin: MS05-019
Microsoft Security Bulletin: MS06-064
NETBSD Security Advisory: NetBSD-SA2004-006
SCO Security Bulletin: SCOSA-2005.14
SCO Security Bulletin: SCOSA-2005.3
SCO Security Bulletin: SCOSA-2005.9
SGI Security Advisory: 20040403-01-A
XForce ISS Database: tcp-rst-dos(15886)
Copyright: This script is Copyright (C) 2014 Greenbone Networks GmbH