|
|
V40E_MUP01 TCP Initial Sequence Number Security Vulnerability Tru64 TITLE: Tru64 UNIX V4.0e
|
TITLE: V40E_MUP01 TCP Initial Sequence Number Security Vulnerability Tru64
UNIX V4.0E
* No Restrictions For Distribution *
______________________________________________________________
UPDATE: FEB 23, 1999
TITLE: Tru64 UNIX V4.0e
- Potential Security Vulnerability
ref#: SSRT0595U "TCP Initial Sequence Number"
SOURCE: Compaq Computer Corporation
Software Security Response Team
"Compaq is broadly distributing this Security Advisory in order
to bring to the attention of users of Compaq products the
important security information contained in this Advisory.
Compaq recommends that all V4.0E Patch Kit 1 users install this
patch as soon as possible.
Compaq does not warrant that this information is necessarily
accurate or complete for all user situations and, consequently,
Compaq will not be responsible for any damages resulting from
user's use or disregard of the information provided in this
Advisory."
----------------------------------------------------------------------
IMPACT:
"A potential vulneraiblity caused by the TCP Initial Sequence Number
being assigned in such a manner that unauthorized users may get access
to a system." This problem is only present in Tru64 UNIX V4.0E.
----------------------------------------------------------------------
RESOLUTION:
This potential security problem has been resolved and a
patch for this problem has been made available for
Tru64 UNIX V4.0e, only.
*This solution will be included in future distributed releases of
Compaq's Tru64 UNIX.
This patch may be obtained from the World Wide Web at the
following FTP address:
http://www.support.compaq.com/patches
Use the FTP access option, select DIGITAL_UNIX directory
then choose the appropriate version directory and
download the patch accordingly.
Patch ID: v40e_mup01.tar
Note: [1] REQUIRED PATCHES: Tru64 UNIX V4.0E/TCR 1.5 Patch Kit 1
(BL1) must be installed before the replacement V4.0E inet.mod
is installed. The V4.0E/TCR 1.5 Patch Kit 1 can be accessed
from the web page listed above.
[2] IMPORTANT - Please review all README and
release notes which are related to this patch or an
official patch kit, prior to installation of this patch.
Additional Considerations:
The README file with this patch details what is being replaced and
what the customer is required to do to install the patch.
If you believe you have, or aren't sure if you have, previously
installed a patch to any of these modules you should contact your
normal Compaq Service channel.
Also, if you need further information, please contact your normal
Compaq Services support channel.
Compaq appreciates your cooperation and patience. We regret any
inconvenience applying this information may cause.
As always, Compaq urges you to periodically review your system
management and security procedures.
Compaq will continue to review and enhance the security
features of its products and work with customers to maintain and
improve the security and integrity of their systems.
______________________________________________________________
Copyright (c) Compaq Computer Corporation, 1999 All
Rights Reserved.
Unpublished Rights Reserved Under The Copyright Laws Of
The United States.
______________________________________________________________
Files on this server are as follows:
|
»v40e_mup01.README
»v40e_mup01.CHKSUM
»v40e_mup01.tar
|