Chiaro Networks Information for VU#637934

TCP does not adequately validate segments before updating timestamp value

Status

Unknown. If you are the vendor named above, please contact us to update your status.

Vendor Statement

The Enstara router is vulnerable to the condition described in VU#637934. Because BGP sessions are particularly vulnerable, Chiaro Networks recommends protecting BGP sessions using the following techniques:


    1) Enable GTSM as described in RFC3682
    2) Enable MD5 authentication on the TCP connection between BGP peers.

Customers will be notified as soon as a fix is available.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.