SYN Cookie Implementation Vulnerability in FreeBSD by The FreeBSD Project
CVE-2003-1230

Currently unrated

Key Information:

Vendor: The FreeBSD Project
Status: FreeBSD
Vendor: CVE Published:; 31 December 2003

🔔 Create The FreeBSD Project Vulnerability Alert

What is CVE-2003-1230?

The SYN cookie implementation in FreeBSD versions 4.5 to 5.0-RELEASE-p3 utilizes 32-bit internal keys for generating SYN cookies. This design flaw allows attackers to perform brute force ISN (Initial Sequence Number) guessing attacks, potentially enabling them to spoof legitimate traffic. The vulnerability compromises the integrity of network connections and can lead to unauthorized access or denial of service.

References

http://www.osvdb.org/19785

vdb-entryx_refsource_OSVDB

https://exchange.xforce.ibmcloud.com/vulnerabilities/11397

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/6920

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Aug 17, 2005
Vulnerability published
Dec 31, 2003