Vulnerability Name: | CVE-2000-0328 (CCN-139) |
Assigned: | 1995-01-01 |
Published: | 1995-01-01 |
Updated: | 2018-10-12 |
Summary: | Windows NT 4.0 generates predictable random TCP initial sequence numbers (ISN), which allows remote attackers to perform spoofing and session hijacking. |
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics: | Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): Low; Integrity (I): None; Availability (A): None |
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): Partial; Integrity (I): None; Availability (A): None |
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): Partial; Integrity (I): None; Availability (A): None |
Vulnerability Type: | CWE-Other |
Vulnerability Consequences: | Bypass Security |
References: | Source: CCN Type: FreeBSD Security Advisory FreeBSD-SA-00:52 TCP uses weak initial sequence numbers
Source: CCN Type: SGI Security Advisory 20020303-01-A IRIX TCP/IP Initial Sequence Numbers
Source: CCN Type: SGI Security Advisory 20020903-01-P IP denial-of-service fixes and tunings
Source: CCN Type: BugTraq Mailing List, Wed Jul 25 2001 - 18:17:28 CDT Weak TCP Sequence Numbers in Sonicwall SOHO Firewall
Source: CCN Type: BugTraq Mailing List, Thu May 30 2002 - 03:45:09 CDT 2 security problem Quantum SNAP server
Source: CCN Type: BugTraq Mailing List, Fri May 18 2007 - 08:36:10 CDT Predictable TCP ISN in Packeteer PacketShaper
Source: MITRE Type: CNA CVE-1999-0077
Source: MITRE Type: CNA CVE-2000-0328
Source: MITRE Type: CNA CVE-2000-0916
Source: MITRE Type: CNA CVE-2001-0288
Source: MITRE Type: CNA CVE-2001-0328
Source: MITRE Type: CNA CVE-2001-0751
Source: MITRE Type: CNA CVE-2001-1104
Source: MITRE Type: CNA CVE-2007-2782
Source: CCN Type: Hacker Emergency Response Team Security Advisory #00003 FreeBSD IP Spoofing
Source: CCN Type: SA25344 Packeteer PacketShaper TCP ISN Generation Weakness
Source: CCN Type: SA8044 SGI IRIX Multiple Vulnerabilities
Source: CCN Type: ASA-2007-416 HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS) (HPSBUX02262)
Source: CCN Type: CERT Advisory CA-1995-01 IP Spoofing Attacks and Hijacked Terminal Connections
Source: CCN Type: CERT Advisory CA-2001-09 Statistical Weaknesses in TCP/IP Initial Sequence Numbers
Source: CCN Type: CIAC Information Bulletin K-006 Microsoft - Improve TCP Initial Sequence Number Randomness
Source: CCN Type: CIAC Information Bulletin L-003 FreeBSD TCP Sequence Number Vulnerability
Source: CCN Type: CIAC Information Bulletin L-053 Cisco IOS Software TCP Initial Sequence Number Improvements
Source: CCN Type: CIAC Information Bulletin L-086 Cisco Multiple Vulnerabilities in CBOS
Source: CCN Type: Cisco Systems Field Notice, May 22, 2001 Security Advisory: More Multiple Vulnerabilities in CBOS
Source: CCN Type: Cisco Systems Field Notice, February 28, 2001 Cisco IOS Software TCP Initial Sequence Number Randomization Improvements
Source: CCN Type: US-CERT VU#498440 Multiple TCP/IP implementations may use statistically predictable initial sequence numbers
Source: CCN Type: Microsoft Product Support Services Windows NT Service Packs
Source: CCN Type: Microsoft Security Bulletin MS99-046 FAQ Microsoft Security Bulletin MS99-046: Frequently Asked Questions
Source: CCN Type: Microsoft Security Bulletin MS01-033 Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise
Source: CCN Type: Microsoft Security Bulletin MS01-041 Malformed RPC Request Can Cause Service Failure
Source: CCN Type: Microsoft Security Bulletin MS01-044 15 August 2001 Cumulative Patch for IIS
Source: CCN Type: Microsoft Security Bulletin MS02-001 Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data
Source: CCN Type: Microsoft Security Bulletin MS02-018 Cumulative Patch for Internet Information Services (Q319733)
Source: CCN Type: Microsoft Security Bulletin MS02-062 Cumulative Patch for Internet Information Service (Q327696)
Source: CCN Type: Microsoft Security Bulletin MS03-018 Cumulative Patch for Internet Information Service (811114)
Source: CCN Type: Microsoft Security Bulletin MS99-046 Patch Available to Improve TCP Initial Sequence Number Randomness
Source: CCN Type: NetScreen Security Alert 51897 Predictable TCP Initial Sequence Numbers
Source: CCN Type: OSVDB ID: 199 Multiple Vendor TCP/IP ISN Sequence Prediction Weakness
Source: CCN Type: OSVDB ID: 36226 Packeteer PacketShaper TCP ISN Prediction
Source: CCN Type: OSVDB ID: 4409 SonicWALL SOHO Firewall Predictable TCP Sequence
Source: CCN Type: OSVDB ID: 45877 Aztech DSL600EU Router TCP Sequence Prediction Web Interface Access
Source: CCN Type: Packeteer Web site PacketShaper
Source: CCN Type: BID-107 Portmaster Predictable TCP Initial Sequence Number Vulnerability
Source: CCN Type: BID-1766 BSD Weak initial Sequence Number Vulnerability
Source: CCN Type: BID-24048 Packeteer PacketShaper ISN TCP Packet Spoofing Vulnerability
Source: CCN Type: BID-2682 Multiple Vendor TCP Initial Sequence Number Statistical Vulnerability
Source: CCN Type: BID-3098 SonicWALL SOHO Firewall Predictable TCP Initial Sequence Number Vulnerability
Source: CCN Type: BID-4892 Quantum Snap Server Predictable TCP Sequence Number Vulnerability
Source: BID Type: UNKNOWN 604
Source: CCN Type: BID-604 NT Predictable TCP Sequence Number Vulnerability
Source: CCN Type: BID-6249 NetScreen ScreenOS Predictable Initial TCP Sequence Number Vulnerability
Source: CCN Type: BID-670 Linux Predictable TCP Initial Sequence Number Vulnerability
Source: BUGTRAQ Type: UNKNOWN 19990824 NT Predictable Initial TCP Sequence numbers - changes observed with SP4
Source: CCN Type: Proceedings of the Fifth USENIX UNIX Security Symposium, June 1995 Simple Active Attack Against TCP
Source: MS Type: UNKNOWN MS99-046
Source: XF Type: UNKNOWN tcp-seq-predict(139)
Source: CCN Type: Microsoft Knowledge Base Article 192292 Unpredictable TCP Sequence Numbers in SP4
Source: CCN Type: Microsoft Knowledge Base Article 243835 How to Prevent Predictable TCP/IP Initial Sequence Numbers
|
Vulnerable Configuration: | Configuration 1:
cpe:/o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
OR cpe:/o:microsoft:windows_nt:4.0:sp1:*:*:*:*:*:*
OR cpe:/o:microsoft:windows_nt:4.0:sp2:*:*:*:*:*:*
OR cpe:/o:microsoft:windows_nt:4.0:sp3:*:*:*:*:*:*
OR cpe:/o:microsoft:windows_nt:4.0:sp4:*:*:*:*:*:*
OR cpe:/o:microsoft:windows_nt:4.0:sp5:*:*:*:*:*:*
Configuration CCN 1:
cpe:/o:ibm:aix:*:*:*:*:*:*:*:*
OR cpe:/o:windriver:bsdos:*:*:*:*:*:*:*:*
OR cpe:/o:hp:hp-ux:*:*:*:*:*:*:*:*
OR cpe:/o:sgi:irix:*:*:*:*:*:*:*:*
OR cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:*
OR cpe:/o:sun:solaris:*:*:*:*:*:*:*:*
OR cpe:/o:ibm:os2:*:*:*:*:*:*:*:*
OR cpe:/o:microsoft:windows_95:*:*:*:*:*:*:*:*
OR cpe:/a:data_general:dg_ux:*:*:*:*:*:*:*:*
OR cpe:/o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
OR cpe:/o:microsoft:windows_98:*:*:*:*:*:*:*:*
OR cpe:/a:novell:netware:*:*:*:*:*:*:*:*
OR cpe:/o:sco:unix:*:*:*:*:*:*:*:*
OR cpe:/o:microsoft:windows_98se:*:*:*:*:*:*:*:*
OR cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*
OR cpe:/o:cisco:ios:*:*:*:*:*:*:*:*
OR cpe:/o:microsoft:windows_me:*:*:*:*:*:*:*:*
OR cpe:/o:compaq:tru64:*:*:*:*:*:*:*:*
OR cpe:/o:microsoft:windows:xp:*:*:*:*:*:*:*
OR cpe:/o:apple:mac_os:*:*:*:*:*:*:*:*
OR cpe:/o:microsoft:windows:2003_server:*:*:*:*:*:*:*
OR cpe:/o:microsoft:windows_vista:*:*:*:*:*:*:*:*
OR cpe:/a:packeteer:packetshaper:7.3.0g2:*:*:*:*:*:*:*
OR cpe:/a:packeteer:packetshaper:7.5.0g1:*:*:*:*:*:*:*
OR cpe:/o:microsoft:windows_7:*:*:*:*:*:*:*:*
OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
OR cpe:/o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*
OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
OR cpe:/o:microsoft:windows_8:*:*:*:*:*:*:*:*
Vulnerability Name: | CVE-2000-0328 (CCN-3168) |
Assigned: | 1999-08-25 |
Published: | 1999-08-25 |
Updated: | 1999-08-25 |
Summary: | Microsoft Windows NT introduced a new method of generating TCP sequence numbers, designed to close a hole in previous versions of Windows NT. Earlier versions allowed these numbers to be easily guessed. However, it has been shown that systems using SP4 to SP6 are just as vulnerable to sequence number prediction attacks as earlier service packs. |
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: | Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): None; Integrity (I): Low; Availability (A): None |
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): Partial; Integrity (I): None; Availability (A): None |
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): None; Integrity (I): Partial; Availability (A): None |
Vulnerability Consequences: | Bypass Security |
References: | Source: CCN Type: BugTraq Mailing List, Tue, 24 Aug 1999 16:59:09 +0100 NT Predictable Initial TCP Sequence numbers - changes observed with SP4
Source: MITRE Type: CNA CVE-2000-0328
Source: CCN Type: CIAC Information Bulletin K-006 Microsoft - Improve TCP Initial Sequence Number Randomness
Source: CCN Type: Microsoft Security Bulletin MS99-046 FAQ Microsoft Security Bulletin MS99-046: Frequently Asked Questions
Source: CCN Type: Microsoft Security Bulletin MS01-033 Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise
Source: CCN Type: Microsoft Security Bulletin MS01-041 Malformed RPC Request Can Cause Service Failure
Source: CCN Type: Microsoft Security Bulletin MS01-044 15 August 2001 Cumulative Patch for IIS
Source: CCN Type: Microsoft Security Bulletin MS02-001 Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data
Source: CCN Type: Microsoft Security Bulletin MS02-018 Cumulative Patch for Internet Information Services (Q319733)
Source: CCN Type: Microsoft Security Bulletin MS03-018 Cumulative Patch for Internet Information Service (811114)
Source: CCN Type: Microsoft Security Bulletin MS99-046 Patch Available to Improve TCP Initial Sequence Number Randomness
Source: CCN Type: NTA Web site Leading Security testers NTA Monitor Discover Security Flaw in Microsoft NT4 SP4
Source: CCN Type: BID-604 NT Predictable TCP Sequence Number Vulnerability
Source: XF Type: UNKNOWN nt-sequence-prediction-sp4(3168)
|
Vulnerable Configuration: | Configuration CCN 1:
cpe:/o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
OR cpe:/o:microsoft:windows_nt:3.5.1:sp4:*:*:*:*:*:*
OR cpe:/o:microsoft:windows_nt:3.5.1:sp5:*:*:*:*:*:*
OR cpe:/o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*
OR cpe:/o:microsoft:windows_nt:4.0:sp6:*:*:*:*:*:*
OR cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*
microsoft windows nt 4.0
microsoft windows nt 4.0 sp1
microsoft windows nt 4.0 sp2
microsoft windows nt 4.0 sp3
microsoft windows nt 4.0 sp4
microsoft windows nt 4.0 sp5
ibm aix *
windriver bsdos *
hp hp-ux *
sgi irix *
linux linux kernel *
sun solaris *
ibm os2 *
microsoft windows 95 *
data_general dg ux *
microsoft windows nt 4.0
microsoft windows 98 *
novell netware *
sco unix *
microsoft windows 98se *
microsoft windows 2000 *
cisco ios *
microsoft windows me *
compaq tru64 *
microsoft windows xp
apple mac os *
microsoft windows 2003_server
microsoft windows vista *
packeteer packetshaper 7.3.0g2
packeteer packetshaper 7.5.0g1
microsoft windows 7 *
microsoft windows server 2008
microsoft windows server 2008 - r2
microsoft windows server 2012
microsoft windows 8 *
microsoft windows nt 4.0
microsoft windows nt 3.5.1 sp4
microsoft windows nt 3.5.1 sp5
microsoft windows nt 4.0
microsoft windows nt 4.0 sp6
microsoft windows 2000 *