Notified: March 08, 2001 Updated: September 12, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: October 20, 2015
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Please see ICS-CERT Advisory ICSA-15-153-01.
Notified: March 08, 2001 Updated: September 12, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 08, 2001 Updated: September 12, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 08, 2001 Updated: September 12, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 08, 2001 Updated: September 12, 2002
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 08, 2001 Updated: April 22, 2001
Statement Date: April 20, 2001
Affected
Hi. Fujitsu is currently working on the patches for the UXP/V operating system to address the vulnerabilities reported in VU#498440. The patches will be made available with the following ID numbers:
OS Version, PTF level    patch ID
UXP/V V20L10 X01021      UX28164
UXP/V V20L10 X00091      UX28163
UXP/V V10L20 X01041      UX15529
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 08, 2001 Updated: September 12, 2002
Statement Date: August 30, 2002
Affected
Current statement PGP Signed: 8/29/2002 8:51:54 PM
The following tcp randomizations are now available:
HP-UX releases 11.00, 11.04, and 11.11 (11i):
- HP randomization
- RFC 1948 ISN randomization
For HP randomization on releases:
HP-UX 11.00: PHNE_22397 or subsequent,
HP-UX 11.11: default mode.
For RFC 1948 ISN randomization
HP-UX 11.00: PHNE_26771 or subsequent,
HP-UX 11.04: PHNE_26101 or subsequent,
HP-UX 11.11: PHNE_25644 or subsequent.
To enable tcp randomization on HP-UX 11.00, 11.04, and 11.11(11i):
HP randomization
HP-UX release 11.00: Install PHNE_22397 or subsequent. The HP randomization will then be the default tcp randomization. NOTE: This patch has dependencies.
HP-UX release 11.11 (11i): No patch is required. The HP randomization has always been implemented in HP-UX 11.11 (11i) and is the default tcp randomization.
RFC 1948 ISN randomization
HP-UX 11.00: Apply PHNE_26771 or subsequent.
HP-UX 11.04: Apply PHNE_26101 or subsequent.
HP-UX 11.11 (11i): Apply PHNE_25644 or subsequent.
Once the appropriate patch has been applied the RFC 1948 ISN randomization can be enabled on HP-UX 11.00, 11.04 and 11.11 by executing the following command as root:
ndd -set /dev/tcp tcp_isn_passphrase
We are not aware of further vendor information regarding this vulnerability.
Previous statement issued 05/01/2001:
HP has been tracking tcp randomization issues over the years, and has to date implemented the following:
For 11.00 and 11.11 (11i):
For 11.00, if you want HP's solution for randomized ISN numbers then apply TRANSPORT patch PHNE_22397. Once you apply PHNE_22397, there's nothing more to do --- default is randomized ISNs. (Note: PHNE_22397 has patch dependencies unrelated to ISN randomized ISN number modification listed in the dependency section, but they should still be also applied. One is a PHKL kernel patch dependency and the other STREAMS/UX minimum level patch dependency.)
The LR release of 11.11 (11i) has the same random ISN implementation as the patched 11.00.
For the legacy 10.20 release HP created a tunable kernel parameter that can enable two levels of randomization. This randomization feature requires a TRANSPORT patch level of:
For S700 platform: PHNE_17096 or greater
For S800 platform: PHNE_17097 or greater
The tunable kernel parameter is set as follows using the "nettune" program:
tcp_random_seq set to 0 (Standard TCP sequencing)
tcp_random_seq set to 1 (Random TCP sequencing)
tcp_random_seq set to 2 (Increased Random TCP sequencing)
and requires a reboot.
Notified: March 08, 2001 Updated: April 19, 2001
Statement Date: April 12, 2001
Not Affected
We have studied the document written by Guardent regarding vulnerabilities caused by statistical analysis of random increments, that may allow a malicious user to predict the next sequence of chosen TCP connections. IBM's AIX operating system should not be vulnerable as we have implemented RFC 1948 in our source coding. According to Guardent, we do not expect an exploit described in the document to affect our AIX OS because we employ RFC 1948.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 08, 2001 Updated: September 12, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 08, 2001 Updated: September 12, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 08, 2001 Updated: September 12, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 08, 2001 Updated: April 19, 2001
Statement Date: March 08, 2001
Affected
Post-2.8 we no longer use random increments, but a much more sophisticated way. Please note that using real random initial sequence numbers is pretty much in violation of the RFCs, since random number generators are totally allowed to provide a number like 42 three times in a row.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 08, 2001 Updated: September 12, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: March 20, 2002
Statement Date: April 25, 2001
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
SGI has released security advisory 20020303-01-A regarding this issue.
Notified: March 08, 2001 Updated: September 12, 2002
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: October 20, 2015
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Multiple versions of VxWorks generate TCP ISNs in a predictable way. For more information, see ICS-CERT Advisory ICSA-15-169-01. Wind River, sometimes called Wind River Systems, is a wholly owned subsidiary of Intel. VxWorks is used in many OEM products, including Schneider Electric control systems equipment.