CVE-2001-0328

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0328.

AI-analyzed exploit summary The vulnerability in the Linux kernel's 'secure_tcp_sequence_number' function allows remote users to predict TCP initial sequence numbers (ISNs) due to weak MD4-based generation, enabling session spoofing and bypassing IP-based access controls. The analysis references the specific function and file in the kernel code.

Description

TCP implementations that use random increments for initial sequence numbers (ISN) can allow remote attackers to perform session hijacking or disruption by injecting a flood of packets with a range of ISN values, one of which may match the expected ISN.

Exploits (1)

exploitdb WRITEUP

remotelinux

https://www.exploit-db.com/exploits/19522

View Code ZIP pw:eip

The vulnerability in the Linux kernel's 'secure_tcp_sequence_number' function allows remote users to predict TCP initial sequence numbers (ISNs) due to weak MD4-based generation, enabling session spoofing and bypassing IP-based access controls. The analysis references the specific function and file in the kernel code.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Theoretical

Target: Linux kernel (versions affected by CVE-2001-0328)

No auth needed

Prerequisites: Network access to the target system · Ability to observe or predict TCP sequence numbers

MITRE ATT&CK