|
Multiple Vendor TCP Initial Sequence Number Statistical Vulnerability
Solution: Under Solaris 7, it has been suggested that the feasibility of this attack is eliminated by setting "tcp_strong_iss=2". SGI has suggests the tcpiss_md5 kernel parameter may eliminate this vulnerability. Details are available in the SGI advisory 20020303-01-A listed as a reference. This parameter is disabled by default. SGI has released a second advisory for this issue which contains fixes for the IRIX operating system. Users are advised to upgrade their systems as soon as possible. Users of HP-UX 11.0 may install patch PHNE_22397 to enable HP randomization of initial sequence numbers. Users of HP-UX 11.0, 11.04 and 11.11 may enable RFC 1948 compliant randomization through patches PHNE_26771, PHNE_26101, or PHNE_25644 respectively. Once patched, the following shell command must be executed by root: ndd -set /dev/tcp tcp_isn_passphrase <secret passphrase> Where <secret passphrase> is any length character string. Only the first 32 characters will be retained. If the passphrase is changed the system should be rebooted. Several vendors have released kernel patches and upgrades which address this issue: Cisco IOS 12.0SC Cisco IOS 12.0XA Cisco IOS 12.1XQ Cisco IOS 12.1XJ Cisco IOS 12.1XI Cisco IOS 12.1XS Cisco IOS 12.0XB Cisco IOS 12.1XV Cisco IOS 11.0 Cisco IOS 12.0XG Cisco IOS 12.1YD Cisco IOS 12.0XS Cisco IOS 12.1XX Cisco IOS 11.3 Cisco IOS 12.1XM Cisco IOS 12.0XK Cisco IOS 12.1XY Cisco IOS 12.1XL Cisco IOS 12.1XT Cisco IOS 11.1CC Cisco IOS 11.1CA Cisco IOS 11.2P Cisco IOS 12.0XH Cisco IOS 12.0DC Cisco IOS 12.0T Cisco IOS 11.3NA Cisco IOS 11.2 Cisco IOS 11.3AA Cisco IOS 12.1YA Cisco IOS 12.1YB Cisco IOS 12.1XG Cisco IOS 11.1 Cisco IOS 11.2GS Cisco IOS 11.3(2)XA FreeBSD FreeBSD 3.5 -STABLEpre050201
SGI IRIX 6.5.14 f SGI IRIX 6.5.14 m |
|
 Privacy Statement |
