cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John Kinsella (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CLOUDSTACK-5243) SSVM responds with timestamp
Date Thu, 21 Nov 2013 22:39:36 GMT
John Kinsella created CLOUDSTACK-5243:
-----------------------------------------

             Summary: SSVM responds with timestamp
                 Key: CLOUDSTACK-5243
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5243
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
    Affects Versions: 4.2.0
            Reporter: John Kinsella
             Fix For: 4.3.0


Scanners report SSVM responded with a TCP timestamp and that “the TCP timestamp response
can be used to approximate the remote host's uptime, potentially aiding in further attacks.
Additionally, some operating systems can be fingerprinted based on the behavior of their TCP
timestamps.”  The fix is straightforward:

Identified by: Demetrius Tsitrelis from Citrix 



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message