The vulnerabilities the same across all nine stacks involve the manner in which the so-called Initial Sequence Number (ISN) is generated.
The ISN ensures that every TCP connection is unique, that there are no collisions with other connections, and that no third party can interfere with an ongoing connection. To guarantee this, the ISN is randomly generated so no one can guess the number and use it to hijack an ongoing connection or spoof a new one.
Forescout s analysis showed problems with the manner in which the TCP/IP stacks that were analyzed generate the ISNs. In nine of the 11 stacks, the ISNs were improperly generated, leaving the connections open to attacks. In some cases, the numbers were predictable, and in others, the problem had to do with the underlying algorithm. In other cases, the numbers had constant increments, while others used a combination of values that could be inferred, Forescout said in its report.
マイクロソフト、2月の月例パッチ公開--悪用された脆弱性も
cnet.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from cnet.com Daily Mail and Mail on Sunday newspapers.
Microsoftが2月の月例パッチ公開、WindowsのTCP/IP実装に関する脆弱性などを修正
impress.co.jp - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from impress.co.jp Daily Mail and Mail on Sunday newspapers.
ムロツヨシ 役者を始めて25年、満を持して映画初主演「この物語の父になりたい」
livedoor.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from livedoor.com Daily Mail and Mail on Sunday newspapers.
RS-485/422 LANコンバータ 高速通信対応 MAX 4Mbps LNX-010/LNX-010eを発売
sankei.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from sankei.com Daily Mail and Mail on Sunday newspapers.