TCP/IP Initial Sequence Number (ISN) Reuse Weakness

This script is Copyright (C) 2002-2011 Tenable Network Security, Inc.


Synopsis :

The remote device seems to generate predictable TCP Initial Sequence
Numbers.

Description :

The remote host seems to generate Initial Sequence Numbers (ISNs) in a weak
manner that appears to depend solely on the source and destination ports of
the TCP packets.

An attacker may exploit this flaw to establish spoofed connections to the
remote host.

The Raptor Firewall and Novell NetWare are known to be vulnerable to this
flaw, although other network devices may be vulnerable as well.
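
Added example (not part of the Nessus plugin or the vendor advisories): an
offline check over recorded SYN-ACK ISNs that tests whether a host returns the
same ISN whenever the source/destination port pair repeats, which is the
behaviour described above. The sample observations and the function name
classify_isns are constructed for illustration.

```python
from collections import defaultdict

# Constructed observations, not captured traffic: (source port, destination
# port, ISN taken from the host's SYN-ACK). Each port pair was tried 3 times.
WEAK_HOST = [
    (40000, 80, 0x1A2B3C4D), (40000, 80, 0x1A2B3C4D), (40000, 80, 0x1A2B3C4D),
    (40001, 80, 0x5E6F7081), (40001, 80, 0x5E6F7081), (40001, 80, 0x5E6F7081),
    (40000, 443, 0x9A0B1C2D), (40000, 443, 0x9A0B1C2D), (40000, 443, 0x9A0B1C2D),
]
SOUND_HOST = [
    (40000, 80, 0x0F3A91C2), (40000, 80, 0x7B22D004), (40000, 80, 0xE1905A6F),
    (40001, 80, 0x34C8117B), (40001, 80, 0xA90E62D5), (40001, 80, 0x5D71F3A8),
]


def classify_isns(observations, min_repeats=2):
    """Classify how a host's ISNs relate to the (sport, dport) pair.

    Returns (verdict, reused_pairs) where verdict is one of 'port-derived',
    'constant', 'partial-reuse', 'varies' or 'insufficient-data'.
    """
    by_pair = defaultdict(list)
    for sport, dport, isn in observations:
        by_pair[(sport, dport)].append(isn & 0xFFFFFFFF)  # ISNs are 32-bit

    # Only port pairs seen more than once can show reuse; two such pairs are
    # needed to tell a per-pair ISN from a single constant ISN.
    repeated = {p: v for p, v in by_pair.items() if len(v) >= min_repeats}
    if len(repeated) < 2:
        return "insufficient-data", []

    reused = sorted(p for p, v in repeated.items() if len(set(v)) == 1)
    if len(reused) == len(repeated):
        # One ISN shared by every pair is a different flaw from the one above.
        distinct = {v[0] for v in repeated.values()}
        return ("constant" if len(distinct) == 1 else "port-derived"), reused
    return ("partial-reuse" if reused else "varies"), reused


if __name__ == "__main__":
    for name, sample in (("weak", WEAK_HOST), ("sound", SOUND_HOST)):
        print(name, classify_isns(sample))
```

A 'port-derived' verdict matches the weakness in this entry; 'varies' is what
a host with sound ISN generation produces for repeated port pairs.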

See also :

http://archives.neohapsis.com/archives/bugtraq/2002-07/0492.html
http://securityresponse.symantec.com/avcenter/security/Content/2002.08.05.html

Solution :

If you are using a Raptor Firewall, install the TCP security hotfix
described in Symantec's advisory. Otherwise, contact your vendor for
a patch.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: General

Nessus Plugin ID: 11057

Bugtraq ID: 5387, 8652

CVE ID: CVE-2002-1463