Hewlett-Packard Company Information for VU#498440

Multiple TCP/IP implementations may use statistically predictable initial sequence numbers

Status

Affected

Vendor Statement

Current statement PGP Signed: 8/29/2002 8:51:54 PM

====================================================

The following tcp randomizations are now available:

    HP-UX releases 11.00, 11.04, and 11.11 (11i):
         - HP randomization
         - RFC 1948 ISN randomization

    For HP randomization on releases:
       HP-UX 11.00:       PHNE_22397 or subsequent,
       HP-UX 11.11:       default mode.

    For RFC 1948 ISN randomization:
       HP-UX 11.00:       PHNE_26771 or subsequent,
       HP-UX 11.04:       PHNE_26101 or subsequent,
       HP-UX 11.11:       PHNE_25644 or subsequent.



To enable tcp randomization on HP-UX 11.00, 11.04, and 11.11 (11i):

----------------------------------------------------------------------

  HP randomization

    HP-UX release 11.00:
    Install PHNE_22397 or subsequent.  The HP randomization will
    then be the default tcp randomization.

       NOTE: This patch has dependencies.

    HP-UX release 11.11 (11i):
    No patch is required.  The HP randomization has always been
    implemented in HP-UX 11.11 (11i) and is the default tcp
    randomization.

  RFC 1948 ISN randomization

    HP-UX 11.00:       Apply PHNE_26771 or subsequent.
    HP-UX 11.04:       Apply PHNE_26101 or subsequent.
    HP-UX 11.11 (11i): Apply PHNE_25644 or subsequent.

    Once the appropriate patch has been applied the RFC 1948 ISN
    randomization can be enabled on HP-UX 11.00, 11.04 and 11.11
    by executing the following command as root:

         ndd -set /dev/tcp tcp_isn_passphrase <secret passphrase>

             where <secret passphrase> is a character string of any
             length.  Only the first 32 characters will be
             retained.  If the passphrase is changed the system
             should be rebooted.

    NOTE: RFC 1948 ISN randomization is not available on
          HP-UX release 10.20.  Customers who want RFC 1948
          ISN randomization should upgrade to HP-UX 11.X and
          apply necessary patches as discussed herein.
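As an added illustration, not part of HP's statement, the Python below models the RFC 1948 scheme the patches above implement (ISN = M + F(local, lport, remote, rport, secret), with F = MD5), including the 32-character passphrase truncation HP notes; the addresses, ports, passphrases and clock ticks are constructed sample values. It shows why per-tuple ISNs are unrelated across peers even though each tuple still advances with the clock, and why two passphrases that agree in their first 32 characters are the same key.

```python
import hashlib
import ipaddress
import struct

# HP's statement: ndd keeps only the first 32 characters of tcp_isn_passphrase.
PASSPHRASE_MAX = 32


def retained_secret(passphrase: str) -> bytes:
    """Model the truncation HP describes: characters past 32 are discarded."""
    return passphrase[:PASSPHRASE_MAX].encode("utf-8")


def rfc1948_isn(local_ip: str, local_port: int, remote_ip: str,
                remote_port: int, secret: bytes, ticks: int) -> int:
    """RFC 1948: ISN = M + F(localhost, localport, remotehost, remoteport, secret).

    `ticks` stands in for M, the 4-microsecond clock, so results are
    reproducible here; F is MD5 as RFC 1948 suggests, folded to 32 bits.
    """
    conn = (ipaddress.ip_address(local_ip).packed
            + struct.pack("!H", local_port)
            + ipaddress.ip_address(remote_ip).packed
            + struct.pack("!H", remote_port))
    digest = hashlib.md5(conn + secret).digest()
    f = struct.unpack("!I", digest[:4])[0]
    return (ticks + f) & 0xFFFFFFFF


def per_tuple_offset_differs(secret: bytes, ticks: int = 1_000_000) -> bool:
    """Two peers sampling the server at the same instant see unrelated ISNs:
    one tuple's offset reveals nothing about another tuple's."""
    a = rfc1948_isn("10.0.0.1", 80, "192.0.2.10", 40000, secret, ticks)
    b = rfc1948_isn("10.0.0.1", 80, "192.0.2.11", 40000, secret, ticks)
    return a != b


def within_tuple_is_clocked(secret: bytes, ticks: int = 1_000_000) -> int:
    """Within one 4-tuple the ISN still advances with the clock (RFC 1948
    keeps this so old-duplicate segments are still rejected); returns the
    observed delta for a 250-tick gap."""
    a = rfc1948_isn("10.0.0.1", 80, "192.0.2.10", 40000, secret, ticks)
    b = rfc1948_isn("10.0.0.1", 80, "192.0.2.10", 40000, secret, ticks + 250)
    return (b - a) & 0xFFFFFFFF
```

The per-tuple clocking is why a single host sampling its own connection still sees linear-looking ISNs under RFC 1948; the secret only has to be unknown to other tuples, which is why HP advises a reboot after changing it rather than treating the change as instantaneous.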



For the legacy 10.20 release:
---------------------------------

  HP created a tunable kernel parameter that can enable two levels of
  randomization.  This randomization feature requires a TRANSPORT patch
  level of:

    For S700 platform:  PHNE_17096 or greater
    For S800 platform:  PHNE_17097 or greater

  The tunable kernel parameter is set as follows using the "nettune"
  program:

    tcp_random_seq set to 0  (Standard TCP sequencing)
    tcp_random_seq set to 1  (Random TCP sequencing)
    tcp_random_seq set to 2  (Increased Random TCP sequencing)

  and requires a reboot.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

None

Addendum

Previous statement issued 05/01/2001:

HP has been tracking tcp randomization issues over the years, and has to date implemented the following:

For 11.00 and 11.11 (11i):
_______________________________

For 11.00, if you want HP's solution for randomized ISN numbers then apply TRANSPORT patch PHNE_22397. Once you apply PHNE_22397, there's nothing more to do --- default is randomized ISNs.

(Note: PHNE_22397 has patch dependencies unrelated to the randomized ISN number modification listed in the dependency section, but they should still also be applied. One is a PHKL kernel patch dependency and the other a STREAMS/UX minimum level patch dependency.)

The LR release of 11.11 (11i) has the same random ISN implementation as the patched 11.00.

For the legacy 10.20 release
__________________________________

HP created a tunable kernel parameter that can enable two levels of randomization. This randomization feature requires a TRANSPORT patch level of:

    For S700 platform:  PHNE_17096 or greater
    For S800 platform:  PHNE_17097 or greater

The tunable kernel parameter is set as follows using the "nettune" program:

    tcp_random_seq set to 0  (Standard TCP sequencing)
    tcp_random_seq set to 1  (Random TCP sequencing)
    tcp_random_seq set to 2  (Increased Random TCP sequencing)

and requires a reboot.
