Juniper NSM Linux Kernel TCP Sequence Number Generation Issue (PSN-2012-08-688)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote host has a predictable TCP sequence number generator.

Description :

According to the version of one or more Juniper NSM servers running on
the remote host, it is potentially vulnerable to denial of service and
network session hijacking attacks due to a weak IP sequence number
generator.

See also :

http://www.nessus.org/u?63abb75f

Solution :

Upgrade to NSM version 2011.4s3 / 2012.1 or higher.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 69873 ()

Bugtraq ID: 49289

CVE ID: CVE-2011-3188