Test ID:	1.3.6.1.4.1.25623.1.0.105921
Category:	JunOS Local Security Checks
Title:	Juniper Networks Junos OS TCP Packet Processing Denial of Service Vulnerability
Summary:	DoS in TCP packet processing
Description:	Summary: DoS in TCP packet processing Vulnerability Insight: For an established TCP session, TCP input validation only ensures that sequence numbers are within the acceptable window prior to examining whether the SYN flag is set on the segment. If the SYN flag is set, the TCP stack drops the session and sends a RST segment to the other side. This issue only affects TCP sessions terminating on the router. Transit traffic and TCP Proxy services are unaffected by this vulnerability. Vulnerability Impact: An attacker who can guess an in-window sequence number, source and destination address and port numbers can exploit this vulnerability to reset any established TCP session. Affected Software/OS: Junos OS 11.4, 12.1, 12.2, 12.3, 13.1, 13.2, 13.3 Solution: New builds of Junos OS software are available from Juniper. As a workaround enable TCP authentication, enable IPSec, enable the system to send ACKs for in-window RSTs and SYN packets, enable a stateful firewall to block SYN packets on existing sessions. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0230 BugTraq ID: 10183 http://www.securityfocus.com/bid/10183 Bugtraq: 20040425 Perl code exploting TCP not checking RST ACK. (Google Search) http://marc.info/?l=bugtraq&m=108302060014745&w=2 Cert/CC Advisory: TA04-111A http://www.us-cert.gov/cas/techalerts/TA04-111A.html CERT/CC vulnerability note: VU#415294 http://www.kb.cert.org/vuls/id/415294 Cisco Security Advisory: 20040420 TCP Vulnerabilities in Multiple IOS-Based Cisco Products http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml HPdes Security Advisory: HPSBST02161 http://www.securityfocus.com/archive/1/449179/100/0/threaded HPdes Security Advisory: SSRT061264 HPdes Security Advisory: SSRT4696 http://marc.info/?l=bugtraq&m=108506952116653&w=2 http://www.uniras.gov.uk/vuls/2004/236929/index.htm Microsoft Security Bulletin: MS05-019 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-019 Microsoft Security Bulletin: MS06-064 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-064 NETBSD Security Advisory: NetBSD-SA2004-006 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-006.txt.asc http://www.osvdb.org/4030 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2689 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A270 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3508 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4791 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5711 SCO Security Bulletin: SCOSA-2005.14 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.14/SCOSA-2005.14.txt SCO Security Bulletin: SCOSA-2005.3 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.3/SCOSA-2005.3.txt SCO Security Bulletin: SCOSA-2005.9 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.9/SCOSA-2005.9.txt http://secunia.com/advisories/11440 http://secunia.com/advisories/11458 http://secunia.com/advisories/22341 SGI Security Advisory: 20040403-01-A ftp://patches.sgi.com/support/free/security/advisories/20040403-01-A.asc http://www.vupen.com/english/advisories/2006/3983 XForce ISS Database: tcp-rst-dos(15886) https://exchange.xforce.ibmcloud.com/vulnerabilities/15886
Copyright	Copyright (C) 2014 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.