Cisco products are affected, including IOS and non-IOS based devices. Juniper Networks products are affected. InterNiche NicheStack and NicheLite are affected. Internet Initiative Japan, Inc (IIJ) is affected. Check Point is affected, but has issued a protection mechanism in the latest release for VPN-1/FireWall-1 (R55 HFA-03) that can protect both the firewall device and hosts located behind the firewall. is vulnerable on their UNICOS, UNICOS/mk and UNICOS/mp systems The report indicates that the following vendors are affected : Watson for discovering a practical method for conducting TCP reset attacks (presented in "Slipping In The Window: TCP Reset Attacks" at the CanSecWest 2004 conference). The Associate Press reports that the proper number can be guessed within as few as four attempts, requiring only seconds to achieve. However, in actuality, a remote user may be able to guess an appropriate sequence number with much greater probability because many implementations will accept any sequence number within a certain window of the expected sequence number. Ordinarily, the remote user may have the probability of 1 in 2^32 of guessing the correct sequence number, the report said. Other applications, such as Domain Name System (DNS) and (Secure Sockets Layer) SSL based applications may also be affected, but to a lesser degree, the report said.Ī remote user can reportedly send a TCP packet with the RST (reset) flag set (or the SYN flag) with the appropriate spoofed source and destination IP addresses and TCP ports to cause the TCP session to be terminated. In the case of BGP, using the TCP MD5 Signature Option and anti-spoofing measures can mitigate the vulnerability.
Premature termination of an underlying TCP session may require routing tables to be rebuilt and may cause "route flapping". The specific impact on applications that use TCP depends on the mechanisms built into the application to address premature TCP session termination.Īccording to the report, NISCC considers the Border Gateway Protocol (BGP) to be one of the most affected applications, as it relies on a persistent TCP session between BGP peer entities. A remote user can cause TCP sessions to terminate prematurely, causing denial of service conditions. The UK National Infrastructure Security Co-Ordination Centre (NISCC) reported that some implementations of the Transmission Control Protocol (TCP) are particularly vulnerable to TCP reset attacks. A remote user may be able to cause denial of service conditions using a TCP reset attack. (Brocade Communications Systems Issues Fix for Brocade 5600 vRouter) Multiple Vendor TCP Stack Implementations Let Remote Users Deny ServiceĬVE Reference: CVE-2004-0230 (Links to External Site)įix Available: Yes Vendor Confirmed: Yes Exploit Included: YesĪ vulnerability was reported in several TCP stack implementations. Home | View Topics | Search | Contact Us | In October 2013 an independent group started a fork of Vyatta Core under a new name VyOS.(Brocade Communications Systems Issues Fix for Brocade 5600 vRouter) Multiple Vendor TCP Stack Implementations Let Remote Users Deny Service - SecurityTracker In April, 2013, Brocade renamed the product from the Vyatta Subscription Edition (VSE) to the Brocade Vyatta 5400 vRouter. In 2012, Brocade Communications Systems acquired Vyatta and renamed it “Vyatta, a Brocade Company”.
The Vyatta system is intended as a replacement for Cisco IOS 1800 through ASR 1000 series Integrated Services Routers (ISR) and ASA 5500 security appliances, with a strong emphasis on the cost and flexibility inherent in an open source, Linux-based system running on commodity x86 hardware or in VMware ESXi, Microsoft Hyper-V, Citrix XenServer, Open Source Xen and KVM virtual environments. It contains networking applications such as Quagga, OpenVPN, ant many others. Vyatta provides software-based virtual router, virtual firewall and VPN products for Internet Protocol networks (IPv4 and IPv6).
Vyatta – a Debian based Linux distribution, which transform a standard x86/x86-64 machine into an enterprise-class router/firewall. The last version | Released: 6.6 | May, 2013