CVE-2004-0230 Blind Reset Attack Using the RST/SYN Bit

Summary

TCP stacks that lack RFC 5961 3.2 & 4.2 support (or have it disabled at application level) may allow remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST or SYN packet.

Affected Products

FortiAnalyzer version 5.2.0 through 5.2.9
FortiAnalyzer version 6.0.0 through 6.0.11
FortiAnalyzer version 6.2.0 through 6.2.3

FortiAuthenticator version 5.5.0
FortiAuthenticator version 6.0.0 through 6.0.5
FortiAuthenticator version 6.2.0 through 6.2.1

FortiManager version 5.2.0 through 5.2.9
FortiManager version 6.0.0 through 6.0.11
FortiManager version 6.2.0 through 6.2.3

FortiOS version 5.2.0 through 5.2.8
FortiOS version 5.4.0 through 5.4.1

FortiWAN version 4.5.0 through 4.5.4

FortiWLC version 8.4.0 through 8.4.8
FortiWLC version 8.5.0 through 8.5.5
FortiWLC version 8.6.0

Solutions

Upgrade to FortiAnalyzer version 6.2.4 or above
Upgrade to FortiAnalyzer version 6.4.0 or above

Upgrade to FortiAuthenticator version 6.3.0 or above
Upgrade to FortiAuthenticator version 6.0.6 or above

Upgrade to FortiManager version 6.2.4 or above
Upgrade to FortiManager version 6.4.0 or above

Upgrade to FortiOS version 5.6.0 or above
Upgrade to FortiOS version 5.4.2 or above
Upgrade to FortiOS version 5.2.9 or above

Upgrade to FortiWAN version 4.5.5 or above

Upgrade to FortiWLC version 8.6.1 or above

Workaround:

Restrict hosts that can connect to the GUI to trusted ones only, with the trusted host feature.

References

• The following issues reported by vulnerability scanners are directly linked to this issue: "TCP Sequence Number Approximation Based Denial of Service" "Blind Reset Attack Using the RST/SYN Bit"