多个供应商TCP最初序列号统计漏洞-一一网

多个供应商TCP最初序列号统计漏洞

4年前更新

1620

漏洞信息详情

多个供应商TCP最初序列号统计漏洞

CNNVD编号：CNNVD-200106-174

危害等级：中危
CVE编号：
CVE-2001-0328
漏洞类型：

设计错误
发布时间：

2001-06-27
威胁类型：

远程
更新时间：

2009-03-04
厂商：
漏洞来源：
Originally discove…

漏洞简介

TCP安装启用对最初序列号（ISN）使用随机增量。远程攻击者通过注入一大批带一系列ISN值的数据包执行会话劫持或者破坏，而其中之一可能与期望的ISN匹配。

漏洞公告

Under Solaris 7, it has been suggested that the feasibility of this attack is eliminated by setting “tcp_strong_iss=2”.
SGI has suggests the tcpiss_md5 kernel parameter may eliminate this vulnerability. Details are available in the SGI advisory 20020303-01-A listed as a reference. This parameter is disabled by default.
SGI has released a second advisory for this issue which contains fixes for the IRIX operating system. Users are advised to upgrade their systems as soon as possible.
Users of HP-UX 11.0 may install patch PHNE_22397 to enable HP randomization of initial sequence numbers.
Users of HP-UX 11.0, 11.04 and 11.11 may enable RFC 1948 compliant randomization through patches PHNE_26771, PHNE_26101, or PHNE_25644 respectively. Once patched, the following shell command must be executed by root:
ndd -set /dev/tcp tcp_isn_passphrase
Where is any length character string. Only the first 32 characters will be retained. If the passphrase is changed the system should be rebooted.
Several vendors have released kernel patches and upgrades which address this issue:
Cisco IOS 11.0

Cisco IOS 11.0(22a)

Cisco IOS 11.1 CC

Cisco IOS 11.1(36)CC1

Cisco IOS 11.1 CA

Cisco IOS 11.1(36)CA1

Cisco IOS 11.1

Cisco IOS 11.1(24a)

Cisco IOS 11.2 P

Cisco IOS 11.2(25a)P

Cisco IOS 11.2

Cisco IOS 11.2(25a)

Cisco IOS 11.2 GS

Cisco IOS 12.0(15)S1

Cisco IOS 11.3

Cisco IOS 11.3(11b)

Cisco IOS 11.3 NA

Cisco IOS 12.1(7)

Cisco IOS 11.3 AA

Cisco IOS 11.3(11a)AA

Cisco IOS 11.3 (2)XA

Cisco IOS 11.3(11b)T1

Cisco IOS 12.0 SC

Cisco IOS 12.0(15)SC1

Cisco IOS 12.0 XA

Cisco IOS 12.1(7)

Cisco IOS 12.0 XB

Cisco IOS 12.1(7)

Cisco IOS 12.0 XG

Cisco IOS 12.1(7)

Cisco IOS 12.0 XS

Cisco IOS 12.1(5c)E8

Cisco IOS 12.0 XK

Cisco IOS 12.0(7)XK4

Cisco IOS 12.0 XH

Cisco IOS 12.0(4)XH5

Cisco IOS 12.0 DC

Cisco IOS 12.1(4)DC2

Cisco IOS 12.0 T

Cisco IOS 12.1(7)

Cisco IOS 12.1 XQ

Cisco IOS 12.1(3)XQ1

Cisco IOS 12.1 XJ

Cisco IOS 12.1(5)YB

Cisco IOS 12.1 XI

Cisco IOS 12.1(3)XI6

Cisco IOS 12.1 XS

Cisco IOS 12.1(5c)EX

Cisco IOS 12.1 XV

Cisco IOS 12.1(5)XV1

Cisco IOS 12.1 YD

Cisco IOS 12.1(5)YD

Cisco IOS 12.1 XX

Cisco IOS 12.1(5)XX3

Cisco IOS 12.1 XM

Cisco IOS 12.0(5)XM1

Cisco IOS 12.1 XY

Cisco IOS 12.1(5)XY4

Cisco IOS 12.1 XL

Cisco IOS 12.1(3)XL1

Cisco IOS 12.1 XT

Cisco IOS 12.1(3)XT1

Cisco IOS 12.1 YA

Cisco IOS 12.1(5)YA1

Cisco IOS 12.1 YB

Cisco IOS 12.1(5)YB

Cisco IOS 12.1 XG

Cisco IOS 12.1(3)XG3

FreeBSD FreeBSD 3.5 -STABLEpre050201

FreeBSD 3.5.1 tcp-isn-3.5.1-rel.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:39/tcp-isn-3.5.1-
rel.patch
FreeBSD 3.5.1 tcp-isn-3.5.1-stable.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:39/tcp-isn-3.5.1-
stable.patch

SGI IRIX 6.5.14 f

SGI 4766
ftp://patches.sgi.com/support/free/security/patches/

SGI IRIX 6.5.14 m

SGI 4765
ftp://patches.sgi.com/support/free/security/patches/

参考网址

来源:CERT/CC Advisory: CA-2001-09
名称: CA-2001-09
链接:http://www.cert.org/advisories/CA-2001-09.html

来源: OVAL
名称: oval:org.mitre.oval:def:4922
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4922

来源: SREASON
名称: 57
链接:http://securityreason.com/securityalert/57

来源: SECUNIA
名称: 8044
链接:http://secunia.com/advisories/8044

来源: SGI
名称: 20030201-01-P
链接:ftp://patches.sgi.com/support/free/security/advisories/20030201-01-P

受影响实体

暂无

© 版权声明

文章版权归作者所有，未经允许请勿转载。

THE END

喜欢就支持一下吧

相关推荐