SEARCH CONTACT US SUPPORT SERVICES PRODUCTS STORE
United States    
COMPAQ STORE | PRODUCTS | SERVICES | SUPPORT | CONTACT US | SEARCH
gears
compaq support options
support home
software & drivers
ask Compaq
reference library
support forum
frequently asked questions
support tools
warranty information
service centers
contact support
product resources
parts for your system
give us feedback
associated links
.
} what's new
.
} contract access
.
} browse patch tree
.
} search patches
.
} join mailing list
.
} feedback
.
patches by topic
.
} DOS
.
} OpenVMS
.
} Security
.
} Tru64 Unix
.
} Ultrix 32
.
} Windows
.
} Windows NT
.
connection tools
.
} nameserver lookup
.
} traceroute
.
} ping 

V40E_MUP01 TCP Initial Sequence Number Security Vulnerability Tru64 


TITLE: V40E_MUP01 TCP Initial Sequence Number Security Vulnerability Tru64 
       UNIX V4.0E
 



                     * No Restrictions For Distribution *

______________________________________________________________
UPDATE:                                         FEB  23,  1999

  TITLE: Tru64 UNIX  V4.0e
         - Potential Security Vulnerability
	ref#: SSRT0595U "TCP Initial Sequence Number"
          
  SOURCE: Compaq Computer Corporation
          Software Security Response Team 

 "Compaq is broadly distributing this Security Advisory in order
 to bring to the attention of users of Compaq products the
 important security information contained in this Advisory. 
 Compaq recommends that all V4.0E Patch Kit 1 users install this
 patch as soon as possible. 

 Compaq does not warrant that this information is necessarily
 accurate or complete for all user situations and, consequently,
 Compaq will not be responsible for any damages resulting from
 user's use or disregard of the information provided in this
 Advisory."

----------------------------------------------------------------------
IMPACT:
                                                                       
 "A potential vulneraiblity caused by the TCP Initial Sequence Number
 being assigned in such a manner that unauthorized users may get access
 to a system."  This problem is only present in Tru64 UNIX V4.0E.
   

----------------------------------------------------------------------
RESOLUTION:

 This potential security problem has been resolved and a
 patch for this problem has been made available for 
 Tru64 UNIX V4.0e, only. 
  
	
 *This solution will be included in future distributed releases of 
  Compaq's Tru64 UNIX. 
 
  This patch may be obtained from the World Wide Web at the
  following FTP address:


	http://www.support.compaq.com/patches
	
	Use the FTP access option, select DIGITAL_UNIX directory
	then choose the appropriate version directory and
	download the patch accordingly. 

  Patch ID:     v40e_mup01.tar

  Note: [1]   REQUIRED PATCHES: Tru64 UNIX V4.0E/TCR 1.5 Patch Kit 1
	(BL1) must be installed before the replacement V4.0E inet.mod
	is installed.  The V4.0E/TCR 1.5 Patch Kit 1 can be accessed 
            from the web page listed above.   

        [2]   IMPORTANT - Please review all README and 
      	release notes which are related to this patch or an
	official patch kit, prior to installation of this patch.
 
 Additional Considerations:

   The README file with this patch details what is being replaced and
   what the customer is required to do to install the patch.

   If you believe you have, or aren't sure if you have, previously
   installed a patch to any of these modules you should contact your
   normal Compaq Service channel.
	
   Also, if you need further information, please contact your normal 
   Compaq Services support channel.

   Compaq appreciates your cooperation and patience. We regret any
   inconvenience applying this information may cause.

   As always, Compaq urges you to periodically review your system
   management and security procedures. 

   Compaq will continue to review and enhance the security
   features of its products and work with customers to maintain and
   improve the security and integrity of their systems.

  ______________________________________________________________  
  Copyright (c) Compaq Computer Corporation, 1999 All
  Rights Reserved.
  Unpublished Rights Reserved Under The Copyright Laws Of
  The United States.
  ______________________________________________________________

This patch can be found at any of these sites:

Colorado Site
Georgia Site


Files on this server are as follows:

v40e_mup01.README
v40e_mup01.CHKSUM
v40e_mup01.tar

privacy and legal statement