Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Linux Kernel 2.2 - Predictable TCP Initial Sequence Number

Related Vulnerabilities: CVE-2004-0641   CVE-2002-1463   CVE-2001-1104   CVE-2001-0751   CVE-2001-0328   CVE-2001-0288   CVE-2001-0163   CVE-2001-0162   CVE-2000-0916   CVE-1999-0077  
Publish Date: 27 Sep 1999
Author: Stealth & S. Krahmer
Source / Download Exploit 
                							

                source: http://www.securityfocus.com/bid/670/info

A vulnerability in the Linux kernel allows remote users to guess the initial sequence number of TCP sessions. This can be used to create spoofed TCP sessions bypassing some types of IP based access controls.

The function 'secure_tcp_sequence_number' in the file 'drivers/char/random.c' at line 1684 is used to generate the initial sequence number. It used the MD4 hash with a set of inputs to generate the new ISN. 

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/19522.tar.gz

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started