Upstream information

CVE-2001-0328 at MITRE

Description

TCP implementations that use random increments for initial sequence numbers (ISN) can allow remote attackers to perform session hijacking or disruption by injecting a flood of packets with a range of ISN values, one of which may match the expected ISN.

SUSE information

Overall state of this security issue: Ignore

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 5
Vector AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial

Note from the SUSE Security Team

This issue was fixed in the Linux Kernel since 1996, refer to the CERT statement from 2001. If your security scanner still shows it, contact your scanner vendor.

SUSE Bugzilla entry: 954947 [RESOLVED / UPSTREAM]

No SUSE Security Announcements cross referenced.