Linux Kernel 2.2 - Predictable TCP Initial Sequence Number

Author: Stealth & S. Krahmer
type: remote
platform: linux
date_added: 1999-09-27  
date_updated: 2012-07-02  
verified: 1  
codes: CVE-2004-0641;OSVDB-199;CVE-2002-1463;CVE-2001-1104;CVE-2001-0751;CVE-2001-0328;CVE-2001-0288;CVE-2001-0163;CVE-2001-0162;CVE-2000-0916;CVE-1999-0077  

raw file: 19522.txt  
source: https://www.securityfocus.com/bid/670/info

A vulnerability in the Linux kernel allows remote users to guess the initial sequence number (ISN) of TCP sessions. This can be used to create spoofed TCP sessions, bypassing some types of IP-based access controls.

The function 'secure_tcp_sequence_number' in the file 'drivers/char/random.c' at line 1684 is used to generate the initial sequence number. It uses the MD4 hash with a set of inputs to generate the new ISN.
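A defender-side check for the weakness described above, added here as an example (it is not code from the advisory or from the kernel): given ISNs recorded from successive connections to a host under test, it reports how many bits are needed to cover the observed increments, where a small number means the generator is predictable. The function name `isn_increment_bits`, the 64-increment limit and both sample arrays are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_INCREMENTS 64   /* assumed limit for this example */

static int cmp_u32(const void *a, const void *b)
{
    uint32_t x = *(const uint32_t *)a, y = *(const uint32_t *)b;
    return (x > y) - (x < y);
}

/* Bits needed to enumerate the smallest arc of 32-bit sequence space that
 * holds every increment between consecutive ISNs. Returns -1 on bad input.
 * The result depends on sample count; compare hosts using equal-sized samples. */
int isn_increment_bits(const uint32_t *isn, size_t n)
{
    uint32_t d[MAX_INCREMENTS], gap, arc;
    size_t m = n - 1, i;
    int bits = 0;

    if (n < 3 || n > MAX_INCREMENTS + 1)
        return -1;
    for (i = 0; i < m; i++)
        d[i] = isn[i + 1] - isn[i];       /* unsigned: wraps mod 2^32 */
    qsort(d, m, sizeof d[0], cmp_u32);
    gap = d[0] - d[m - 1];                /* empty stretch across the wrap point */
    for (i = 1; i < m; i++)
        if (d[i] - d[i - 1] > gap)
            gap = d[i] - d[i - 1];
    arc = 0u - gap;                       /* 2^32 minus the largest empty stretch */
    while (arc) { bits++; arc >>= 1; }
    return bits;
}

/* Constructed samples, not captured traffic. */
const uint32_t steady_isns[] = { 4294836224u, 4294900224u, 4294964236u, 60930u, 124935u };
const uint32_t spread_isns[] = { 0x1A2B3C4Du, 0x9F00E1D2u, 0x03C4A5B6u, 0xE7118899u, 0x5D6E7F80u };

int main(void)
{
    printf("steady: %d bits\n", isn_increment_bits(steady_isns, 5));
    printf("spread: %d bits\n", isn_increment_bits(spread_isns, 5));
    return 0;
}
```

The first sample wraps past 2^32 and still scores low because increments are compared on a circle rather than by raw magnitude.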

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19522.tar.gz