论坛徽章:: 1

电梯直达

1楼 [收藏(0)] [报告]

发表于 2014-06-05 19:23 |只看该作者 |倒序浏览

本帖最后由 jimmy14k 于 2014-06-05 19:23 编辑

High:
?????TCP Sequence Number Approximation Reset Denial of Service Vulnerability
?????Risk:High
?????Application:general
?????Port:0
?????Protocol:tcp
?????ScriptID:902815
?????Overview: The host is running TCP services and is prone to denial of service
????? vulnerability.
????? Vulnerability Insight:
????? The flaw is triggered when spoofed TCP Reset packets are received by the
????? targeted TCP stack and will result in loss of availability for the attacked
????? TCP services.
????? Impact:
????? Successful exploitation will allow remote attackers to guess sequence numbers
????? and cause a denial of service to persistent TCP connections by repeatedly
????? injecting a TCP RST packet.
????? Impact Level: System
????? Affected Software/OS:
????? TCP
????? Fix: Please see the referenced advisories for more information on obtaining
????? and applying fixes.
????? References:
????? http://www.osvdb.org/4030
????? http://xforce.iss.net/xforce/xfdb/15886
????? http://www.us-cert.gov/cas/techalerts/TA04-111A.html
????? http://www-01.ibm.com/support/docview.wss?uid=isg1IY55949
????? http://www-01.ibm.com/support/docview.wss?uid=isg1IY55950
????? http://www-01.ibm.com/support/docview.wss?uid=isg1IY62006
????? http://www.microsoft.com/technet/security/Bulletin/MS05-019.mspx
????? http://www.microsoft.com/technet/security/bulletin/ms06-064.mspx
????? http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-nonios.html
????? http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-nonios.html
?????CVSS Base Score : 5.0
?????Family name: Denial of Service
?????Category: infos
?????Copyright: Copyright (C) 2012 SecPod
?????Summary: Determine TCP Sequence Number Approximation Vulnerability