Support Content Notification - Support Portal

SA17 : TCP Vulnerability CAN-2005-0356

Product/Component

Notification Id

1064

Last Updated

03 March 2020

Initial Publication Date

28 June 2005

Status

CLOSED

Severity

LOW

CVSS Base Score

WorkAround

Affected CVE

SUMMARY

Blue Coat Systems products are vulnerable to the attack described in CAN-2005-0356 if they have enabled the TCP option rfc-1323. This is a denial of service vulnerability that exists for TCP RFC 1323.

ISSUES

The issue exists in the Protection Against Wrapped Sequence Numbers (PAWS) technique when TCP PAWS is configured to employ timestamp values.

A successful attack may result in a TCP connection to drop packets, resulting in a denial of service situation.

While ProxyAV is technically vulnerable to this attack, the required deployment alongside a ProxySG appliance mitigates the severity of the issue.

MITIGATION

Disable rfc-1323 support:

SG3/SG4

#(config)tcp-ip rfc-1323 disable

SG2

#(config) reveal-advanced tcp-ip
#(config) tcp-ip no rfc-1323

REFERENCES

https://www.kb.cert.org/vuls/id/637934
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0356