Foundry Networks ServerIron TCP/IP Sequence Predictability Vulnerability

The ServerIron switch product, from Foundry Networks, has a TCP implementation with predictable sequence numbers. This exposes it to a variety of session hijacking and blind session spoofing attacks, which can result in the manipulation of these switches.

The ServerIron exposes Telnet, SNMP and, in newer versions, web servers on its management address. As a result of sequence predictability, it becomes possible to spoof connections to the TCP services (Telnet and web) as if they originated from another machine. In addition, it exposes these switches to hijacking-based attacks.

The problem lies in the fact that the initial sequence number (ISN) is incremented by one for each connection. This means that determining the "next" sequence number requires only the establishment of a connection.
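An administrator can check a device for this behaviour by recording the ISNs it returns in the SYN-ACKs of a few consecutive connections and looking at the differences. The following is an added example, not part of the original advisory; the function names, the threshold and the sample values are assumptions constructed for illustration.

```python
MOD = 2 ** 32          # TCP sequence numbers are 32-bit and wrap around
SMALL_STEP = 1024      # assumed threshold for "small" increments (illustrative)


def isn_deltas(isns):
    """Return differences between consecutive ISNs, modulo 2**32."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def assess_isns(isns, min_samples=4):
    """Classify ISNs sampled in connection order from one device.

    Returns (verdict, step):
      constant-increment  every delta identical (step = that delta)
      small-increment     deltas vary but all stay <= SMALL_STEP, as a
                          per-connection counter looks when other clients
                          connect between samples (step = largest delta)
      no-obvious-pattern  neither test matched; this is not proof of
                          randomness (step = None)
    """
    if len(isns) < min_samples:
        raise ValueError(f"need at least {min_samples} ISN samples")
    deltas = isn_deltas(isns)
    if len(set(deltas)) == 1:
        return "constant-increment", deltas[0]
    if max(deltas) <= SMALL_STEP:
        return "small-increment", max(deltas)
    return "no-obvious-pattern", None


# Constructed sample data (not captured from a real device).
SAMPLES = {
    "counter, wrapping at 2**32": [0xFFFFFFFE, 0xFFFFFFFF, 0x0, 0x1, 0x2],
    "counter, other clients interleaved": [1000, 1001, 1004, 1005, 1009],
    "randomised": [0x3A91C2F0, 0xB7E10455, 0x1C0FFEE2, 0xE4D2A9B1, 0x5F3308CC],
}

if __name__ == "__main__":
    for label, isns in SAMPLES.items():
        print(f"{label}: {assess_isns(isns)}")
```

A device that reports `constant-increment` or `small-increment` on its management address should have that address restricted to a trusted management network until its TCP stack randomises ISNs.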


Copyright 2010, SecurityFocus