search menu icon-carat-right cmu-wordmark

CERT Coordination Center


TCP does not adequately validate segments before updating timestamp value

Vulnerability Note VU#637934

Original Release Date: 2005-05-18 | Last Revised: 2005-08-23

Overview

Certain TCP implementations may allow a remote attacker to arbitrarily modify host timestamp values, leading to a denial-of-service condition.

Description

The Transmission Control Protocol (TCP) is defined in RFC 793 as a means to provide reliable host-to-host transmission between hosts in a packet-switched computer networks. RFC 1323 introduced techniques to increase the performance of TCP. Two such techniques are TCP timestamps and Protection Against Wrapped Sequence Numbers (PAWS).

In certain implementations of TCP with timestamps enabled, both hosts maintain an internal timer that is used to detect segment loss and regulate traffic flow. PAWS uses timestamps to prevent duplicate or old segments from corrupting an active connection. In PAWS with the timestamps option enabled, hosts use an internal timer to track the value of the timestamp in incoming segments against the last valid timestamp recorded. If the segment's timestamp is larger than the value of the last valid timestamp and the sequence number is less than the last acknowledgement sent, then the host's internal timer is updated with the new timestamp value and the segment is passed on for further processing. Otherwise, the segment is rejected as too old or a duplicate.

If a remote attacker can determine the source and destination ports as well as IP addresses of both hosts engaged in an active connection, that attacker may be able to inject a specially crafted segment into the connection. When the spoofed segment is received the host's internal timer value will be changed to the value in the crafted segment. Please note that, in certain TCP implementations, sequence numbers are not properly validated before the internal timer is updated, soan attacker does not need to know a correct sequence number to change the internal timer. If the internal timer value is set to a large value, then it will likely be larger than the timestamp value in subsequent incoming segments. This will cause new, legitimate TCP segments to be evaluated as too old and discarded. As segments are rejected, the flow of data between hosts stops, resulting in a denial-of-service condition.

For more information about TCP, timestamps, and PAWS please see RFC 793 and RFC 1323.

Impact

An unauthenticated, remote attacker could cause TCP connections to abort/drop segments, leading to a denial-of-service condition.

Solution

Apply a patch
Users who suspect they are vulnerable are encouraged to check with their vendor to determine the appropriate action to take. Please see the list of vendors we have notified below.

Disable PAWS


As a workaround, disable PAWS and TCP timestamps if they are not needed.

Vendor Information

637934
Expand all

Avaya

Notified:  March 09, 2005 Updated:  June 30, 2005

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see http://support.avaya.com/elmodocs2/security/ASA-2005-148.pdf for information regarding this vulnerability.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Blue Coat Systems

Updated:  June 30, 2005

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Security Advisory: TCP Vulnerability CAN-2005-0356

Date:
June 28, 2005

Severity:
High

Description:
Some Blue Coat Systems products are vulnerable to the attack described in CAN-2005-0356. This is a denial of service vulnerability that exists for TCP RFC 1323. The issue exists in the Protection Against Wrapped Sequence Numbers (PAWS) technique when TCP PAWS is configured to employ timestamp values.

A successful attack may result in a TCP connection to drop packets, resulting is a denial of service situation.

Affected Systems:
All OS Releases (CacheOS, SGOS)

Workaround:
Disable rfc-1323 support

SG3/SG4

#(config)tcp-ip rfc-1323 disable

SG2

#(config) reveal-advanced tcp-ip
#(config) tcp-ip no rfc-1323

Fixed in:
SG3.2.5 (TBD)
SG4.1.2 (TBD)

Additional Information:
http://www.kb.cert.org/vuls/id/637934
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0356

For more information, please contact the Blue Coat Technical Support Department.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Cisco Systems Inc.

Notified:  March 09, 2005 Updated:  June 06, 2005

Status

  Vulnerable

Vendor Statement

"Cisco Systems, Inc. has released a security notice in response to CERT/CC Vulnerability Note VU#637934, which is available at the following URL:

http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml

For up-to-date information on security vulnerabilities in Cisco Systems,
Inc. products, visit http://www.cisco.com/go/psirt"

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml

If you have feedback, comments, or additional information about this vulnerability, please send us email.

FreeBSD

Notified:  March 09, 2005 Updated:  May 25, 2005

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_input.c Revision 1.252.2.16

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hitachi

Notified:  March 09, 2005 Updated:  June 20, 2005

Status

  Vulnerable

Vendor Statement

AlaxalA Networks AX series are vulnerable to this issue. More details are available at

http://www.alaxala.com/jp/support/ICMP-20050518.html (Japanese)

Hitachi GR2000/GR4000/GS4000/GS3000 are vulnerable to this issue. More details are available at

http://www.hitachi.co.jp/Prod/comp/network/notice/VU-637934.html (Japanese)

[NOT VULNERABLE]

Hitachi HI-UX/WE2 is NOT vulnerable to this issue.

Hitachi Cable Apresia/GMX/HSW series are NOT vulnerable to this issue. More details are available at

http://www.hitachi-cable.co.jp/infosystem/security/hcvu0002.stm (Japanese)

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Microsoft Corporation

Notified:  March 09, 2005 Updated:  May 18, 2005

Status

  Vulnerable

Vendor Statement

Changes made during the development of Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and the MS05-019 security update eliminated this vulnerability. If you have installed any of these updates, you are protected from this vulnerability and no further action is required. See

http://www.microsoft.com/technet/security/advisory/899480.mspx

for more information about this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please refer to http://www.microsoft.com/technet/security/advisory/899480.mspx and http://www.microsoft.com/technet/security/advisory/899480.mspx

If you have feedback, comments, or additional information about this vulnerability, please send us email.

OpenBSD

Notified:  March 09, 2005 Updated:  May 18, 2005

Status

  Vulnerable

Vendor Statement

A patch for OpenBSD 3.6 and previous releases is available at

http://openbsd.org/errata36.html#tcp

OpenBSD 3.7, being released on May 19, is not vulnerable because
it contains the fix.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see http://www.openbsd.org/errata.html#rtt and http://openbsd.org/errata36.html#tcp

[Note the CERT/CC has not verified the contents of the Vendor Statement above.]

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Redback Networks Inc.

Notified:  March 09, 2005 Updated:  May 19, 2005

Status

  Vulnerable

Vendor Statement

Impact of CERT® Advisory VU#637934 on Redback Products

Vulnerability Description: Systems with persistent TCP connections might be affected by this vulnerability.

The TCP Timestamps option (RFC1323) is deployed widely. There is a variant of the TCP Timestamps option, which would supposedly be more prevalent than the standard algorithm. The variant, however, has a vulnerability which allows malicious, off-path third parties to stall TCP connections.

More details on this vulnerability can be found at the CERT website. (www.cert.org)

Impacted Redback Products: NONE of Redback SmartEdge 400, 800 Routers; Redback SmartEdge 400, 800 Service Gateway Systems are impacted by this issue.
NONE of the products of SMS product-line are affected by this issue

Why Redback products are not affected:
The TCP/IP stack on both of Redback product-lines already implements all validation procedures outlined in the CERT advisory before a packet is accepted and the session timestamp updated. Consequently, TCP applications on Redback products are not vulnerable to this attack.

Recommended Best Practice to Guard Against TCP Attacks: While there is no way a network operator can completely defend against various vulnerabilities and hacker attacks, Redback Networks products already implement many mechanisms to guard against such attacks. Some examples include:
·MD5 authentication for TCP

·IP source address validation on any subscriber circuit, so no subscriber terminated on the box can participate in this type of attack.

Vulnerability Resolution: NOT Required on this since Redback product-lines are not affected.

For further assistance or information regarding this topic contact the Redback Networks Technical Assistance Center (TAC). TAC is prepared to provide worldwide support for security workarounds that address this issue. There are several known workarounds that can significantly reduce this exposure. The Redback domestic TAC number is (877) 733 2225 and International TAC phone number is 31-104987777. Redback TAC will provide detailed information to our worldwide systems engineers and focal engineers to assist customers in configuring these workarounds.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Yamaha

Updated:  May 26, 2005

Status

  Vulnerable

Vendor Statement

YAMAHA products are Vulnerable.

Vendor comment:
We provide the information on this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Check Point

Notified:  March 09, 2005 Updated:  May 19, 2005

Status

  Not Vulnerable

Vendor Statement

For further information, please refer to the following Check Point SecureKnowledge article: Solution ID: sk30828

https://secureknowledge.checkpoint.com/sk/public/intro.jsp.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see


https://secureknowledge.checkpoint.com/sk/public/intro.jsp

reference ID# sk30828

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Clavister

Notified:  March 09, 2005 Updated:  May 18, 2005

Status

  Not Vulnerable

Vendor Statement

Clavister Security Gateway is itself not vulnerable to this attack. It also has the ability to protect clients against these attacks by allowing the administrator to specify that timestamp options should be removed from TCP packets.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Foundry Networks Inc.

Notified:  March 09, 2005 Updated:  May 18, 2005

Status

  Not Vulnerable

Vendor Statement

Foundry Networks products are not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Fujitsu

Notified:  March 09, 2005 Updated:  May 23, 2005

Status

  Not Vulnerable

Vendor Statement

FUJITSU products are NOT susceptible to this vulnerability.

We continue to check our products.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NEC Corporation

Notified:  March 09, 2005 Updated:  May 17, 2005

Status

  Not Vulnerable

Vendor Statement

sent on May 17, 2005

=====================================================================

* NEC products are NOT susceptible to this vulnerability.
- We continue to check our products.

=====================================================================

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Netfilter

Notified:  March 09, 2005 Updated:  March 17, 2005

Status

  Not Vulnerable

Vendor Statement

The Linux Kernel implements a check "(B')" as specified in the document. Therefore, the Linux Kernel TCP implementation is not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NextHop

Notified:  March 09, 2005 Updated:  March 16, 2005

Status

  Not Vulnerable

Vendor Statement

NextHop Technologies does not provide an implementation of TCP; therefore NextHop software is not vulnerable to this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Red Hat Inc.

Notified:  March 09, 2005 Updated:  August 23, 2005

Status

  Not Vulnerable

Vendor Statement

Red Hat Enterprise Linux is not vulnerable to this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Secure Computing Corporation

Notified:  March 09, 2005 Updated:  April 11, 2005

Status

  Not Vulnerable

Vendor Statement

Not Vulnerable

All versions of the Sidewinder(r) v5.x Firewall and Sidewinder G2(r) Security Appliance use one of the implementations recommended for mitigation of this attack. Sidewinder and Sidewinder G2 also support IPsec, allowing a complete workaround for the attack when required. No patches or updates are required.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sun Microsystems Inc.

Notified:  March 09, 2005 Updated:  April 11, 2005

Status

  Not Vulnerable

Vendor Statement

Solaris is not vulnerable to this issue

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

WatchGuard

Notified:  March 09, 2005 Updated:  April 15, 2005

Status

  Not Vulnerable

Vendor Statement

Watchguard's curent assessment is that we are not affected by this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

3Com

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

AT&T

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Alcatel

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Apple Computer Inc.

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Avici Systems Inc.

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Borderware

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Chiaro Networks

Notified:  March 09, 2005 Updated:  May 18, 2005

Status

  Unknown

Vendor Statement

The Enstara router is vulnerable to the condition described in VU#637934. Because BGP sessions are particularly vulnerable, Chiaro Networks recommends protecting BGP sessions using the following techniques:


    1) Enable GTSM as described in RFC3682
    2) Enable MD5 authentication on the TCP connection between BGP peers.

Customers will be notified as soon as a fix is available.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Computer Associates

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Conectiva

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Cray Inc.

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Cwnt

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Data Connection

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Debian

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

EMC Corporation

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Engarde

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Extreme Networks

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

F5 Networks

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Fortinet

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

GTA

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hewlett-Packard Company

Notified:  March 09, 2005 Updated:  May 17, 2005

Status

  Unknown

Vendor Statement

SOURCE: Hewlett-Packard Company Software Security Response Team

x-ref:SSRT5929

HP's operating system products are not vulnerable.

To report potential security vulnerabilities in HP software, send an E-mail message to security-alert@hp.com.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hyperchip

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IBM

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IBM eServer

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IBM zSeries

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IP Filter

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Immunix

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Ingrian Networks

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Inoto

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Intel

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Internet Security Systems Inc.

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Juniper Networks

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Lachman

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Linksys

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Lucent Technologies

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Luminous

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MandrakeSoft

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MontaVista Software

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Multi-Tech Systems Inc.

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Multinet

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NetBSD

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Netscreen

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Network Appliance

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Nokia

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Nortel Networks

Notified:  March 09, 2005 Updated:  May 24, 2005

Status

  Unknown

Vendor Statement

Nortel has posted Security Advisory Bulletin no. 2005005916 addressing the TCP Timestamps issue at http://nortel.com/securityadvisories

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see http://www116.nortelnetworks.com/pub/repository/CLARIFY/DOCUMENT/2005/20/019115-01.pdf

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Novell

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Openwall GNU/*/Linux

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Riverstone Networks

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SCO Linux

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SCO Unix

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SGI

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SecureWorx

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sequent

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sony Corporation

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Stonesoft

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SuSE Inc.

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Symantec Corporation

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

TurboLinux

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Unisys

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Wind River Systems Inc.

Notified:  March 09, 2005 Updated:  May 18, 2005

Status

  Unknown

Vendor Statement

Wind River customers should access www.windriver.com to determine the potential vulnerability of their product and download an update.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

ZyXEL

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

eSoft

Notified:  March 09, 2005 Updated:  March 09, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

Thanks to Noritoshi Demizu for researching and reporting this vulnerability.

This document was written by Jeff Gennari.

Other Information

CVE IDs: CVE-2005-0356
Severity Metric: 4.73
Date Public: 2005-05-18
Date First Published: 2005-05-18
Date Last Updated: 2005-08-23 15:39 UTC
Document Revision: 215

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.