PT-2003-2175 · FreeBSD · FreeBSD

Published: 2003-12-31 · Updated: 2017-07-11 · CVE-2003-1230

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions: FreeBSD versions 4.5 through 5.0-RELEASE-p3

Description: The issue concerns the implementation of SYN cookies in FreeBSD, which uses 32-bit internal keys for generating syncookies. This makes it easier for remote attackers to conduct brute force ISN guessing attacks, allowing them to spoof legitimate traffic.

Recommendations: For versions 4.5 through 5.0-RELEASE-p3, consider upgrading to a version that implements more secure syncookie generation to prevent brute force ISN guessing attacks.

Fix


Related Identifiers

CVE-2003-1230

Affected Products

FreeBSD