Multiple Vendor TCP Sequence Number Approximation Vulnerability

The proof-of-concept code developed by Paul Watson is available (SlippingInTheWindow.tgz).

The researchers who discovered this issue have demonstrated that it is exploitable on some implementations.

The following exploit script for this issue has been provided:

http://www.k-otik.com/exploits/04222004.reset.dpr.php

A Perl script targetting BGP specifically is also available (bgp-dosv2.pl).

A Perl exploit was released (Kreset.pl).

Exploit code written by Matt Edman has been released (autoRST.c).


 

Privacy Statement
Copyright 2010, SecurityFocus