BSA-2016-1052
21688
09 January 2018
11 April 2016
Closed
Low
5.0
N/A
CVE-2004-0230
Summary
Security Advisory ID: BSA-2016-1052
Component: TCP Sequence Number
Revision: 4.0: Final
A vulnerability was discovered in the Transmission Control Protocol (TCP) specification (RFC 873). TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
The vulnerability has several preconditions before an exploit is possible. The attack vector is only applicable to the sessions which are terminating on a device, and not to the sessions that are only passing through the device (for example, transit traffic). In addition, the attack vector does not directly compromise data integrity or confidentiality. This makes it a non-issue for most setups.
The advisory explains that the systems affected are those that rely on persistent TCP connections. It also explains that BGP routing is a specific case where triggering a reset is easier than expected, because the endpoints can be easily determined and large window sizes are used. BGP routing is also significantly affected by having its connections terminated. See https://us-cert.cisa.gov/ncas/archives/alerts/TA04-111A
The following article from Linux Weekly News also puts the flaw into context and shows why it does not pose a significant threat: http://lwn.net/Articles/81560/
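As an added example that is not part of the Brocade advisory, the Python below models the classic receive-window acceptance rule for a TCP RST that the CVE text refers to: a reset is honoured whenever its sequence number lies anywhere within the receiver's current window, so a larger window shrinks the sequence space a blind sender has to cover. It also shows the defender-side signal that accompanies such attempts, a run of RSTs on one connection whose sequence numbers fall outside the window. Connection states, window sizes and the RST trace are constructed values; modern stacks that implement RFC 5961 tighten this rule with a challenge ACK, which the function does not model.

```python
# Added example, not Brocade code: models the legacy in-window RST acceptance
# rule behind CVE-2004-0230 and counts out-of-window RSTs per connection.
# All connection state and packet data below are constructed for illustration.

SEQ_SPACE = 2 ** 32  # size of the 32-bit TCP sequence number space


def rst_accepted(rst_seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """Legacy acceptance test: the RST is honoured when its sequence number
    lies in [rcv_nxt, rcv_nxt + rcv_wnd), taking 32-bit wraparound into
    account. Pre-RFC 5961 stacks tear the connection down on any such RST."""
    return (rst_seq - rcv_nxt) % SEQ_SPACE < rcv_wnd


def segments_to_cover_space(rcv_wnd: int) -> int:
    """Exposure estimate: how many RST segments are needed to cover the whole
    sequence space when each one is accepted across a window of rcv_wnd
    bytes. Larger windows mean fewer segments, which is the CVE's point."""
    return -(-SEQ_SPACE // rcv_wnd)  # ceiling division


def flag_rst_spraying(packets, conns, threshold=3):
    """Walk a trace of (connection_id, rst_sequence_number) records against
    per-connection receiver state {conn_id: (rcv_nxt, rcv_wnd)}.

    Returns (suspicious, torn_down): connections that saw at least
    `threshold` out-of-window RSTs, and connections on which an in-window
    RST was accepted. The first is the observable side effect of blind
    reset attempts; the second is the denial of service itself."""
    rejected = {}
    torn_down = set()
    for conn_id, seq in packets:
        rcv_nxt, rcv_wnd = conns[conn_id]
        if rst_accepted(seq, rcv_nxt, rcv_wnd):
            torn_down.add(conn_id)
        else:
            rejected[conn_id] = rejected.get(conn_id, 0) + 1
    suspicious = sorted(c for c, n in rejected.items() if n >= threshold)
    return suspicious, torn_down


def demo():
    """Constructed scenario: a long-lived BGP session with a 16 KiB window and
    a management SSH session with a 64 KiB window. The BGP session receives
    four RSTs that miss the window, then one that lands inside it; the SSH
    session receives a single legitimate in-window RST."""
    conns = {
        "bgp-peer-a": (1_000_000, 16_384),   # (rcv_nxt, rcv_wnd), constructed
        "ssh-mgmt": (50_000, 65_535),
    }
    trace = [
        ("bgp-peer-a", 0),
        ("bgp-peer-a", 100_000),
        ("bgp-peer-a", 500_000),
        ("bgp-peer-a", 900_000),
        ("bgp-peer-a", 1_005_000),   # inside [1_000_000, 1_016_384)
        ("ssh-mgmt", 50_100),        # inside [50_000, 115_535)
    ]
    return flag_rst_spraying(trace, conns)


if __name__ == "__main__":
    for wnd in (1, 16_384, 65_536):
        print(f"window {wnd:>6}: {segments_to_cover_space(wnd)} segments to cover the space")
    suspicious, torn_down = demo()
    print("suspicious (out-of-window RST bursts):", suspicious)
    print("connections torn down by an accepted RST:", sorted(torn_down))
```

The per-connection counter is the piece a defender can act on: an accepted reset looks identical to a legitimate one, but the out-of-window RSTs that precede it on a persistent session such as BGP are unusual and can be alerted on at the device or a network sensor.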
Affected Products
No Brocade Fibre Channel Products from Broadcom are currently known to be vulnerable.
Note
Brocade Manageability products are not vulnerable to the TCP sequence number vulnerability. However, since the environment that runs these products is not under Brocade's control, Brocade recommends that customers apply the recommendations from their vendors.
Revision History
| Version | Change | Date |
|---|---|---|
| 1.0 | Initial Publication | April 11, 2016 |
| 2.0 | Updated various Brocade Products | March 27, 2017 |
| 3.0 | Updated to remove Legacy Brocade Products | Jan 9, 2018 |
| 4.0 | Replace BSA ID: 2016-006 with BSA-2016-1052 | Jul 7, 2020 |