SOLVED TCP Sequence Number Approximation Reset DoS Vulnerability

Fish · Nov 3, 2019

Hey guys,

I've started running OpenVAS across my network to look for vulnerabilities on my devices. I got a result for my Freenas box (and the IPMI interface) that said it's vulnerable to "TCP Sequence Number Approximation Reset Denial of Service Vulnerability".

My first question is, does anyone know if there's an easy way for me to test whether or not the box is even vulnerable to this? And if it is, how bad is it really? From the documentation, it seems like the worst case scenario is that someone on my network could annoy me by DoS'ing my box.

Thanks in advance!

dlavigne · Nov 4, 2019

Was there a CVE number attached to the result?

Fish · Nov 4, 2019

dlavigne said:
Was there a CVE number attached to the result?

Yes, sorry I should have included that - CVE-2004-0230

dlavigne · Nov 5, 2019

Wow, that's an old CVE (from 2004).

Looks like it was patched in FreeBSD before the CVE was published: https://www.freebsd.org/security/advisories/FreeBSD-SA-04:04.tcp.asc.

Fish · Nov 5, 2019

dlavigne said:
Wow, that's an old CVE (from 2004).

Looks like it was patched in FreeBSD before the CVE was published: https://www.freebsd.org/security/advisories/FreeBSD-SA-04:04.tcp.asc.

Awesome. Yeah, I assumed it was probably fixed judging by how old it is, but it's nice to get some assurance.

Important Announcement for the TrueNAS Community.

SOLVED TCP Sequence Number Approximation Reset DoS Vulnerability

Fish

Contributor

dlavigne

Guest

Fish

Contributor

dlavigne

Guest

Fish

Contributor

Similar threads

Important Announcement for the TrueNAS Community.

SOLVED TCP Sequence Number Approximation Reset DoS Vulnerability

Fish

Contributor

dlavigne

Guest

Fish

Contributor

dlavigne

Guest

Fish

Contributor

Important Announcement for the TrueNAS Community.

Related topics on forums.truenas.com for thread: "TCP Sequence Number Approximation Reset DoS Vulnerability"

Similar threads