Hello,
We have a system that is running CentOS 6.2 (2.6.32-220.13.1.el6.x86_64) and we just ran a security audit on it. We're getting a vulnerability flag for a "TCP Sequence Number Approximation Vulnerability". From what I've read, this really isn't an issue with this system - this vulnerability just has an extremely high false positive rate. The issue is that I need to prove that there is no issue before the flag can be overridden. Where can I find documentation to back this up?
Thank you ahead of time.
TCP Sequence Number Approximation Vulnerability
All security bugs reported to [url=http://wiki.centos.org/FAQ/General?highlight=%28TUV%29#head-d29a2b7e61ffc544973098f9dd49fe4663efba50]TUV[/url] are [url=https://access.redhat.com/security/updates/backporting/?sc_cid=3093]backported[/url] to the code base for release.
If your auditors have specific CVE numbers that they want you to check then:
[code]
rpm -q --changelog package_name | grep CVE-xxxx-xxxx
[/code]
You can also google the [url=http://www.securityfocus.com/bid/10183]CVE[/url] - for instance:
[url=https://www.google.com/search?q=%22CVE-2004-0230%22+site%3Aredhat.com&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:unofficial&client=firefox-a]"CVE-2004-0230" site:redhat.com[/url]
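Added example, not part of the original reply: one way to turn the changelog check above into audit evidence for a whole list of CVE IDs, printing the dated changelog entry that mentions each one. The function name `cve_evidence` and the sample changelog (with made-up CVE IDs) are constructed for illustration; on a real system the input is the output of `rpm -q --changelog package_name`.

```shell
#!/bin/sh
# cve_evidence (hypothetical helper): reads changelog text on stdin, takes
# CVE IDs as arguments, and prints one line per match with its entry header.
# Real use:  rpm -q --changelog kernel | cve_evidence CVE-2004-0230
cve_evidence() {
    awk -v ids="$*" '
        BEGIN { n = split(ids, want, " ") }
        # Entry headers look like "* <date> <packager> [version-release]".
        /^\* / { header = $0; next }
        {
            for (i = 1; i <= n; i++) {
                # Whole-token match: CVE-x-0001 must not hit CVE-x-00012.
                if (match($0, "(^|[^0-9A-Za-z-])" want[i] "([^0-9]|$)")) {
                    printf "FOUND %s | %s | %s\n", want[i], header, $0
                    seen[want[i]] = 1
                }
            }
        }
        END {
            # No changelog mention is not proof either way; such IDs still
            # need a lookup against the vendor CVE page.
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen))
                    printf "NOT-IN-CHANGELOG %s\n", want[i]
        }'
}

# Constructed sample input (not a real package changelog; CVE IDs are fake).
sample_changelog() {
cat <<'EOF'
* Tue Jan 02 2001 Example Packager <pkg@example.com> [0.0.1-2]
- [net] constructed entry: fix sequence check (Example Dev) [000001] {CVE-1900-0001}
* Mon Jan 01 2001 Example Packager <pkg@example.com> [0.0.1-1]
- [fs] constructed entry: unrelated change (Example Dev) [000002] {CVE-1900-00012}
EOF
}

sample_changelog | cve_evidence CVE-1900-0001 CVE-1900-9999
```

IDs reported as `NOT-IN-CHANGELOG` are the ones to look up with the `site:redhat.com` search shown above.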