CVE-2004-0230

Table of Contents

The MITRE CVE dictionary describes this issue as:

TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.

Find out more about CVE-2004-0230 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

The DHS advisory is a good source of background information about the
issue: http://www.us-cert.gov/cas/techalerts/TA04-111A.html

It is important to note that the issue described is a known function of TCP. In order to perform a connection reset an attacker would need to know the source and destination ip address and ports as well as being able to guess the sequence number within the window. These requirements seriously reduce the ability to trigger a connection reset on normal TCP connections. The DHS advisory explains that BGP routing is a specific case where being able to trigger a reset is easier than expected as the end points can be easily determined and large window sizes are used. BGP routing is also signficantly affected by having its connections terminated. The major BGP peers have recently switched to requiring md5 signatures which mitigates against this attack.

The following article from Linux Weekly News also puts the flaw into context and shows why it does not pose a significant threat:
http://lwn.net/Articles/81560/

Red Hat does not have any plans for action regarding this issue.

Last Modified

CVE description copyright © 2017, The MITRE Corporation