From ${URL} : Common Vulnerabilities and Exposures assigned an identifier CVE-2001-0328 to the following vulnerability: TCP implementations that use random increments for initial sequence numbers (ISN) can allow remote attackers to perform session hijacking or disruption by injecting a flood of packets with a range of ISN values, one of which may match the expected ISN. References: [1] ftp://patches.sgi.com/support/free/security/advisories/20030201-01-P [2] http://www.cert.org/advisories/CA-2001-09.html [3] http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4922 [4] http://secunia.com/advisories/8044 [5] http://securityreason.com/securityalert/57 Further Linux kernel related references: [6] http://lkml.indiana.edu/hypermail/linux/kernel/9605.2/0101.html [7] http://lwn.net/Articles/455270/ [8] http://lwn.net/Articles/455131/ [9] http://lwn.net/Articles/455135/ [10] http://www.ietf.org/rfc/rfc1948.txt [11] http://comments.gmane.org/gmane.linux.network.general/1056
These references don't seem to actually point to more information about a specific kernel vulnerability, but rather speak about a generic TCP issue. That said, with the age of this I can't imagine we have vulnerable kernels still in tree.