Network appliance drops RST packet from Red Hat Enterprise Linux

Solution Unverified - Updated -

Environment

  • Red Hat Enterprise Linux 5
  • Network appliance from a 3rd-party vendor

Issue

  • A network appliance drops an RST packet from Red Hat Enterprise Linux.
RHEL                             Appliance
      ------------------------>
      Seq=0 SYN

      <------------------------
      Seq=0 Ack=1 SYN ACK

      ------------------------>
      Seq=1 Ack=1 ACK

      ------------------------>
      Seq=1 Ack=1 len=10 PSH ACK

      ------------------------> (dropped)
      Seq=1 RST
  • The appliance expects Seq=11 for the RST in the exchange above.

Resolution

  • This depends on the behavior of the appliance. A vendor fix for CVE-2004-0230 is suspected to be the cause. Contact the appliance vendor.

Root Cause

  • Usually, the appliance should accept the RST packet, because RFC 793 defines the following:
  When data is received the following comparisons are needed:

    RCV.NXT = next sequence number expected on an incoming segments, and
        is the left or lower edge of the receive window

    RCV.NXT+RCV.WND-1 = last sequence number expected on an incoming
        segment, and is the right or upper edge of the receive window

    SEG.SEQ = first sequence number occupied by the incoming segment

    SEG.SEQ+SEG.LEN-1 = last sequence number occupied by the incoming
        segment

  A segment is judged to occupy a portion of valid receive sequence
  space if

    RCV.NXT =< SEG.SEQ < RCV.NXT+RCV.WND

  or

    RCV.NXT =< SEG.SEQ+SEG.LEN-1 < RCV.NXT+RCV.WND

Authority: http://tools.ietf.org/html/rfc793

  • However, there is a vulnerability involving sequence numbers and the RST flag. It is described in CVE-2004-0230. Some vendors might therefore fix the vulnerability in their own ways (e.g. by restricting which sequence numbers are accepted on a RST).
  • Our statement for the vulnerability is "Red Hat does not have any plans for action regarding this issue." For details, see CVE-2004-0230 in our CVE database.
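The following is an added worked example, not part of this Red Hat solution. It implements the RFC 793 segment-acceptance test quoted above, alongside a stricter RST policy of the kind a vendor might adopt against CVE-2004-0230 (the policy RFC 5961 section 3.2 later standardized: only a RST whose SEG.SEQ equals RCV.NXT resets the connection; an in-window RST with any other sequence number is answered with a challenge ACK). The values are constructed from the trace in the Issue section: the appliance has consumed the 10-byte PSH/ACK sent at Seq=1, so RCV.NXT=11, and the receive window is assumed to be 65535. The block evaluates the RST at Seq=1 (as sent), at Seq=11 (as the appliance expects), and at an in-window but inexact value (500) to show where the two policies diverge.

```python
# Added example (not from the Red Hat article): RFC 793 segment acceptance test
# versus a strict "RST must match RCV.NXT exactly" policy of the kind some
# vendors adopted against CVE-2004-0230 (later standardized in RFC 5961).
# Sequence numbers are 32-bit and wrap, so comparisons use modular arithmetic.

MOD = 1 << 32


def seq_in_window(seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """True if seq lies in [RCV.NXT, RCV.NXT + RCV.WND), modulo 2**32."""
    return (seq - rcv_nxt) % MOD < rcv_wnd


def rfc793_acceptable(seg_seq: int, seg_len: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """The four-case test from RFC 793 section 3.3 ("Sequence Numbers").

    For a non-empty segment and a non-zero window this is exactly the pair of
    comparisons quoted in the article: the first or the last sequence number
    occupied by the segment must fall inside the receive window.
    """
    if seg_len == 0:
        if rcv_wnd == 0:
            return seg_seq == rcv_nxt
        return seq_in_window(seg_seq, rcv_nxt, rcv_wnd)
    if rcv_wnd == 0:
        return False  # zero window: no data segment is acceptable
    first_ok = seq_in_window(seg_seq, rcv_nxt, rcv_wnd)
    last_ok = seq_in_window((seg_seq + seg_len - 1) % MOD, rcv_nxt, rcv_wnd)
    return first_ok or last_ok


def rst_action_rfc793(seg_seq: int, rcv_nxt: int, rcv_wnd: int) -> str:
    """RFC 793 as written: any in-window RST (SEG.LEN is 0) aborts the connection."""
    return "reset" if rfc793_acceptable(seg_seq, 0, rcv_nxt, rcv_wnd) else "drop"


def rst_action_strict(seg_seq: int, rcv_nxt: int, rcv_wnd: int) -> str:
    """Hardened policy (RFC 5961 section 3.2): only SEG.SEQ == RCV.NXT resets;
    an in-window RST with any other sequence number gets a challenge ACK and
    out-of-window RSTs are dropped. A blind off-path reset (CVE-2004-0230)
    must then guess one exact value instead of any of RCV.WND values."""
    if seg_seq == rcv_nxt:
        return "reset"
    if seq_in_window(seg_seq, rcv_nxt, rcv_wnd):
        return "challenge-ack"
    return "drop"


def evaluate_trace(rcv_nxt: int = 11, rcv_wnd: int = 65535) -> dict:
    """Constructed values modelled on the article's trace: the appliance has
    consumed the 10-byte PSH/ACK sent at Seq=1, so it expects RCV.NXT=11
    (the window size is an assumption). Evaluates the RST at the sequence
    number seen in the trace (1), the one the appliance expects (11), and an
    in-window but inexact value (500)."""
    results = {}
    for seg_seq in (1, 11, 500):
        results[seg_seq] = {
            "rfc793": rst_action_rfc793(seg_seq, rcv_nxt, rcv_wnd),
            "strict": rst_action_strict(seg_seq, rcv_nxt, rcv_wnd),
        }
    return results


if __name__ == "__main__":
    for seq, verdicts in evaluate_trace().items():
        print(f"RST Seq={seq:<4} RFC793={verdicts['rfc793']:<7} strict={verdicts['strict']}")
```

Running the block shows the distinction the article draws: a RST at Seq=500 is accepted by the plain RFC 793 window test but only earns a challenge ACK under the strict policy, while Seq=11 resets under both. Note that once RCV.NXT has advanced to 11, a RST at Seq=1 falls outside the receive window under both tests, so when troubleshooting a case like this one it is worth capturing the appliance's view of RCV.NXT (or its ACK numbers) rather than assuming which policy it applies.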

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
