SA17 : TCP Vulnerability CAN-2005-0356
1064
03 March 2020
28 June 2005
CLOSED
LOW
SUMMARY
Blue Coat Systems products are vulnerable to the attack described in CAN-2005-0356 if the TCP option rfc-1323 is enabled. This is a denial-of-service vulnerability in the TCP extensions defined in RFC 1323 (the timestamp option and PAWS).
ISSUES
The issue exists in the Protection Against Wrapped Sequence Numbers (PAWS) technique, which relies on the RFC 1323 timestamp option: a segment whose timestamp is older than the most recently accepted one on the connection is discarded. A spoofed segment carrying a timestamp far in the future can therefore cause the receiver to discard subsequent legitimate segments on that connection.
A successful attack may cause a TCP connection to drop packets, resulting in a denial of service.
While ProxyAV is technically vulnerable to this attack, its required deployment alongside a ProxySG appliance reduces the severity of the issue.
MITIGATION
Disable rfc-1323 support:
SG3/SG4
#(config) tcp-ip rfc-1323 disable
SG2
#(config) reveal-advanced tcp-ip
#(config) tcp-ip no rfc-1323
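The PAWS behaviour described under ISSUES, and the effect of the rfc-1323 mitigation above, as an added simulation. This is example code written for this page, not Blue Coat's or any TCP stack's implementation: it models only the receiver-side PAWS timestamp check (TS.Recent and the modular 32-bit comparison from RFC 1323), omits the sequence-number acceptability test a real stack also performs, and updates TS.Recent from every accepted timestamped segment, which is the simplification that makes the far-future timestamp take effect. The segment sequence and the spoofed timestamp value are constructed for the demonstration.

```python
"""Simplified model of the RFC 1323 PAWS receive check (added example, not Blue Coat code).

Receiver state kept: TS.Recent (last accepted timestamp value) and whether the
rfc-1323 timestamp option is enabled at all. Segments are dicts with an 'id'
and a 'tsval'; sequence numbers and the acceptability test are omitted (simplification).
"""

TS_MOD = 1 << 32  # TSval is a 32-bit counter compared modulo 2^32


def ts_older(a, b):
    """True if 32-bit timestamp a precedes b under RFC 1323's modular comparison.

    The difference is taken modulo 2^32; values more than half the space ahead
    are treated as wrapped, so 0xFFFFFFFF is 'just before' 0.
    """
    return ((a - b) % TS_MOD) > (TS_MOD >> 1)


class PawsReceiver:
    def __init__(self, rfc1323_enabled=True):
        self.rfc1323 = rfc1323_enabled
        self.ts_recent = None  # TS.Recent; unset until the first timestamped segment
        self.accepted = []
        self.dropped = []

    def receive(self, seg):
        """Apply the PAWS check to one segment; return True if it is accepted."""
        ts = seg.get("tsval")
        if not self.rfc1323 or ts is None:
            # With rfc-1323 disabled the timestamp option is not negotiated, so
            # no PAWS check is performed (modelled here as ignoring tsval).
            self.accepted.append(seg["id"])
            return True
        if self.ts_recent is not None and ts_older(ts, self.ts_recent):
            # PAWS: segment timestamp is older than TS.Recent -> discard.
            self.dropped.append(seg["id"])
            return False
        # Simplification: TS.Recent is taken from any accepted timestamped
        # segment. A spoofed far-future TSval therefore moves TS.Recent ahead
        # of every legitimate segment still in flight.
        self.ts_recent = ts
        self.accepted.append(seg["id"])
        return True


def run_scenario(rfc1323_enabled):
    """Replay a constructed segment sequence; returns (accepted_ids, dropped_ids)."""
    rx = PawsReceiver(rfc1323_enabled)
    segments = [  # constructed sample input
        {"id": "legit-1", "tsval": 1000},
        {"id": "spoofed", "tsval": 1000 + (1 << 30)},  # attacker: TSval far in the future
        {"id": "legit-2", "tsval": 1010},  # legitimate peer keeps ticking normally
        {"id": "legit-3", "tsval": 1020},
    ]
    for seg in segments:
        rx.receive(seg)
    return rx.accepted, rx.dropped


if __name__ == "__main__":
    print("rfc-1323 enabled :", run_scenario(True))
    print("rfc-1323 disabled:", run_scenario(False))
```

With the timestamp option enabled, the spoofed segment is accepted and every later legitimate segment fails the PAWS check, which is the connection-level packet loss the advisory describes; with rfc-1323 disabled the check never runs and all legitimate segments are accepted, at the cost of losing the RFC 1323 window-scaling and round-trip measurement benefits on that appliance.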
REFERENCES