-1

We have done a security check on a server and it's come back with:

Linux Kernel TCP Sequence Number Generation Security Weakness. We are looking to correct this being flagged up on the check.

We are using CentOS 5.10 with kernel 2.6.18-371.9.1.el5

MadHatter
toza

1 Answer

3

Sounds like CVE-2011-3188 which has been fixed since the RedHat kernel 2.6.18-274.7.1.el5.
So either that server isn't running the kernel you mention (installed but not rebooted?), it tested the wrong system (some transparent device between the check and the server?) or it is a false positive (unsure why).

faker
  • Thanks for the info, will get the vendor to check the server again. The server has been rebooted since the kernel updated. – toza Aug 15 '14 at 08:39
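
The answer's first possibility (a fixed kernel installed but not the one actually running) can be checked on the host itself. The script below is an added example, not part of the original thread: it compares the running kernel and the newest installed `kernel` package against the fixed version quoted in the answer. The function names are hypothetical, and it assumes the stock `kernel` package rather than `kernel-PAE` or `kernel-xen`.

```shell
#!/bin/sh
# Added example, not from the original thread.
FIXED="2.6.18-274.7.1.el5"   # first fixed el5 kernel, as stated in the answer

# Compare two el5 kernel strings field by field; prints -1, 0 or 1.
# Everything from ".el5" onwards (PAE/xen suffixes) is ignored.
kver_cmp() (
    a=$(printf '%s' "${1%%.el5*}" | tr -c '0-9' ' ')
    b=$(printf '%s' "${2%%.el5*}" | tr -c '0-9' ' ')
    set -- $a
    for y in $b; do
        x=${1:-0}                      # missing field counts as 0
        if [ $# -gt 0 ]; then shift; fi
        if [ "$x" -gt "$y" ]; then echo 1; return; fi
        if [ "$x" -lt "$y" ]; then echo "-1"; return; fi
    done
    for x in "$@"; do                  # extra non-zero fields make $1 newer
        if [ "$x" -gt 0 ]; then echo 1; return; fi
    done
    echo 0
)

# Read kernel versions on stdin, print the newest one.
newest_of() (
    best=
    while read -r v; do
        if [ -z "$best" ] || [ "$(kver_cmp "$v" "$best")" -gt 0 ]; then best=$v; fi
    done
    echo "$best"
)

# $1 = running kernel (uname -r), $2 = newest installed kernel package.
assess() {
    if [ "$(kver_cmp "$1" "$FIXED")" -ge 0 ]; then
        echo patched            # running kernel already has the fix
    elif [ "$(kver_cmp "$2" "$FIXED")" -ge 0 ]; then
        echo reboot-pending     # fix installed, older kernel still booted
    else
        echo vulnerable         # no fixed kernel installed
    fi
}

if [ "${1:-}" = "--host" ]; then
    running=$(uname -r)
    newest=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel | newest_of)
    echo "running=$running newest_installed=$newest verdict=$(assess "$running" "$newest")"
else
    # Kernel string from the question, used as sample input
    echo "2.6.18-371.9.1.el5: $(assess 2.6.18-371.9.1.el5 2.6.18-371.9.1.el5)"
fi
```

Run it with `--host` on the server being scanned. A `patched` verdict there leaves the answer's other two explanations: the scan reached a different device, or the finding is a false positive.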