| VID |
13002 |
| Severity |
30 |
| Port |
|
| Protocol |
TCP |
| Class |
Protocol |
| Detailed Description |
The TCP sequence number is predictaed. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from trusted machines. These forged packets can compromise services, such as rsh and rlogin, because their authentication is based on IP addresses. Attackers can also perform IP address spoofing and session hijacking to gain access to the target system.
* References:
http://www.iss.net/security_center/static/139.php
http://www.cert.org/advisories/CA-1995-01.html |
| Recommendation |
Ask your vendor for patches to correct TCP sequence prediction. Note that some patches make sequence prediction more difficult, but still possible. As a result, the host may continue to report this vulnerability.
For Windows NT, apply Service Pack 5 or later, which improves (but does not fully correct) Windows NT's sequence predictability. Then apply the patch referenced in Microsoft Security Bulletin MS99-046. Note that Windows NT machines may continue to report this vulnerability.
The latest Windows NT 4.0 Service Pack can download from:
http://support.microsoft.com/support/ntserver/Content/ServicePacks
For HP-UX: HP-UX 9.0 users can obtain and apply patch ID PHNE_14212 at http://us-support.external.hp.com/wpsl/bin/doc.pl/. (Note: Requires no-cost password to access Patch Database)
For Cisco IOS 11.x and 12.x: Obtain latest fixes as listed in Cisco Security Advisory, http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml |
| Related URL |
CVE-1999-0077 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
