01-13-2009 05:09 AM
HP ILO 1.93 (and older) Predictable TCP Initial Sequence Numbers Vulnerability
Qualys security scanner reports HP ILO 1 IPs as vulnerable to "Predictable TCP Initial Sequence Numbers Vulnerability", which breaks PCI DSS compliance ( https://www.pcisecuritystandards.org/security_standards/pci_pa_dss.shtml ) according to Qualys.
The impact is that servers with HP ILO 1 cannot be used in Payment Card Industry DSS compliant environments. Can someone report this as a bug?
more information:
--
2 Predictable TCP Initial Sequence Numbers Vulnerability
QID: 82005 CVSS Base: 7.5 PCI FAILED
Category: TCP/IP CVSS Temporal: 5.4
CVE ID: CVE-1999-0077, CVE-2000-0328, CVE-2000-0916, CVE-2001-0328
Vendor Reference: -
Bugtraq ID: 2682
Modified: 06/06/2008
Edited: No
THREAT:
This server uses TCP/IP implementation that respects the "64K rule", or a "time dependent rule" for generating TCP sequence numbers. Unauthorized users can
predict sequence numbers when two hosts are communicating, and connect to your server from any source IP address. The only difference with a legitimate
connection is that the attacker will not see the replies sent back to the authorized user whose IP was forged.
IMPACT:
Some services, such as rsh or rlogin, may base their authentication on the source IP address. Since malicious users can forge the IP address of a trusted host, they
can bypass authentication protocol. This problem may pose severe threats to any server offering Berkeley "r" services (rlogin, rsh, etc.) or any source IP-based
authentication.
If you do not provide such services, this problem is not critical. If you do use this kind of authentication protocol, unauthorized remote users can execute
commands, and completely compromise your system. Therefore, this vulnerability can be considered dangerous and critical.
SOLUTION:
You may need to upgrade your Operating System to change the behavior of your TCP/IP stack regarding this problem.
This cert advisory describes how to fix this issue : CA-2001-09 (http://www.cert.org/advisories/CA-2001-09.html)
For Microsoft systems you can apply this patch : MS99-046 (http://support.microsoft.com/default.aspx?scid=kb;en-us;Q243835&sd=tech): How to Prevent
Predictable TCP/IP Initial Sequence Numbers
For Cisco IOS systems you can apply this patch : cisco-sa-20010301-ios-tcp-isn-random
(http://www.cisco.com/warp/public/707/cisco-sa-20010301-ios-tcp-isn-random.shtml): Cisco IOS Software TCP Initial Sequence Number Randomization
Improvements
COMPLIANCE:
Not Applicable
RESULTS:
Constant changes in initial sequence numbers observed in 22 out of 23 events.
[ Sent Packets Results ]
Packet 1 : TIME[1231344785.981295] SEQ[15149442] CHANGE[N/A] VARIATION[N/A]
Packet 2 : TIME[1231344785.988236] SEQ[15149449] CHANGE[7] VARIATION[N/A]
Packet 3 : TIME[1231344785.995231] SEQ[15149456] CHANGE[7] VARIATION[0]
Packet 4 : TIME[1231344786. 2236] SEQ[15149463] CHANGE[7] VARIATION[0]
Packet 5 : TIME[1231344786. 9229] SEQ[15149470] CHANGE[7] VARIATION[0]
Packet 6 : TIME[1231344786. 16228] SEQ[15149477] CHANGE[7] VARIATION[0]
Packet 7 : TIME[1231344786. 23225] SEQ[15149484] CHANGE[7] VARIATION[0]
Packet 8 : TIME[1231344786. 30224] SEQ[15149491] CHANGE[7] VARIATION[0]
Packet 9 : TIME[1231344786. 37224] SEQ[15149498] CHANGE[7] VARIATION[0]
Packet 10 : TIME[1231344786. 44222] SEQ[15149505] CHANGE[7] VARIATION[0]
Packet 11 : TIME[1231344786. 51222] SEQ[15149512] CHANGE[7] VARIATION[0]
Payment Card Industry (PCI) Technical Report page 200
Packet 12 : TIME[1231344786. 58220] SEQ[15149519] CHANGE[7] VARIATION[0]
Packet 13 : TIME[1231344786. 65220] SEQ[15149526] CHANGE[7] VARIATION[0]
Packet 14 : TIME[1231344786. 72219] SEQ[15149533] CHANGE[7] VARIATION[0]
Packet 15 : TIME[1231344786. 79218] SEQ[15149540] CHANGE[7] VARIATION[0]
Packet 16 : TIME[1231344786. 86216] SEQ[15149547] CHANGE[7] VARIATION[0]
Packet 17 : TIME[1231344786. 93216] SEQ[15149554] CHANGE[7] VARIATION[0]
Packet 18 : TIME[1231344786.100217] SEQ[15149561] CHANGE[7] VARIATION[0]
Packet 19 : TIME[1231344786.107218] SEQ[15149568] CHANGE[7] VARIATION[0]
Packet 20 : TIME[1231344786.114213] SEQ[15149575] CHANGE[7] VARIATION[0]
Packet 21 : TIME[1231344786.121212] SEQ[15149582] CHANGE[7] VARIATION[0]
Packet 22 : TIME[1231344786.128210] SEQ[15149589] CHANGE[7] VARIATION[0]
Packet 23 : TIME[1231344786.135210] SEQ[15149596] CHANGE[7] VARIATION[0]
Packet 24 : TIME[1231344786.142208] SEQ[15149603] CHANGE[7] VARIATION[0]
Constant changes in initial sequence numbers observed in 21 out of 23 events.
Packet 1 : TIME[1231344839.390171] SEQ[15202848] CHANGE[N/A] VARIATION[N/A]
Packet 2 : TIME[1231344839.398113] SEQ[15202856] CHANGE[8] VARIATION[N/A]
Packet 3 : TIME[1231344839.405109] SEQ[15202863] CHANGE[7] VARIATION[1]
Packet 4 : TIME[1231344839.412108] SEQ[15202870] CHANGE[7] VARIATION[0]
Packet 5 : TIME[1231344839.419107] SEQ[15202877] CHANGE[7] VARIATION[0]
Packet 6 : TIME[1231344839.426107] SEQ[15202884] CHANGE[7] VARIATION[0]
Packet 7 : TIME[1231344839.433106] SEQ[15202891] CHANGE[7] VARIATION[0]
Packet 8 : TIME[1231344839.440104] SEQ[15202898] CHANGE[7] VARIATION[0]
Packet 9 : TIME[1231344839.447107] SEQ[15202905] CHANGE[7] VARIATION[0]
Packet 10 : TIME[1231344839.454102] SEQ[15202912] CHANGE[7] VARIATION[0]
Packet 11 : TIME[1231344839.461101] SEQ[15202919] CHANGE[7] VARIATION[0]
Packet 12 : TIME[1231344839.468111] SEQ[15202926] CHANGE[7] VARIATION[0]
Packet 13 : TIME[1231344839.475101] SEQ[15202933] CHANGE[7] VARIATION[0]
Packet 14 : TIME[1231344839.482098] SEQ[15202940] CHANGE[7] VARIATION[0]
Packet 15 : TIME[1231344839.489096] SEQ[15202947] CHANGE[7] VARIATION[0]
Packet 16 : TIME[1231344839.496095] SEQ[15202954] CHANGE[7] VARIATION[0]
Packet 17 : TIME[1231344839.503094] SEQ[15202961] CHANGE[7] VARIATION[0]
Packet 18 : TIME[1231344839.510093] SEQ[15202968] CHANGE[7] VARIATION[0]
Packet 19 : TIME[1231344839.517100] SEQ[15202975] CHANGE[7] VARIATION[0]
Packet 20 : TIME[1231344839.524091] SEQ[15202982] CHANGE[7] VARIATION[0]
Packet 21 : TIME[1231344839.531089] SEQ[15202989] CHANGE[7] VARIATION[0]
Packet 22 : TIME[1231344839.538089] SEQ[15202996] CHANGE[7] VARIATION[0]
Packet 23 : TIME[1231344839.545088] SEQ[15203003] CHANGE[7] VARIATION[0]
Packet 24 : TIME[1231344839.552088] SEQ[15203010] CHANGE[7] VARIATION[0]
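
The RESULTS section of the report can be checked independently. The following is an added example, not part of the original post or of the scanner's own tooling: it parses the report's packet lines, including the space-padded microsecond field, and measures the ISN step and the ISN rate within a run and across the two runs. Function names are illustrative; the sample lines are copied from the report.

```python
import re
from collections import Counter

# Packet lines copied from the report above (first run, packets 1-6) and the
# first packet of the second run. Note the space-padded microsecond field.
RUN1 = """\
Packet 1 : TIME[1231344785.981295] SEQ[15149442] CHANGE[N/A] VARIATION[N/A]
Packet 2 : TIME[1231344785.988236] SEQ[15149449] CHANGE[7] VARIATION[N/A]
Packet 3 : TIME[1231344785.995231] SEQ[15149456] CHANGE[7] VARIATION[0]
Packet 4 : TIME[1231344786. 2236] SEQ[15149463] CHANGE[7] VARIATION[0]
Packet 5 : TIME[1231344786. 9229] SEQ[15149470] CHANGE[7] VARIATION[0]
Packet 6 : TIME[1231344786. 16228] SEQ[15149477] CHANGE[7] VARIATION[0]
"""
RUN2_FIRST = "Packet 1 : TIME[1231344839.390171] SEQ[15202848] CHANGE[N/A] VARIATION[N/A]"

LINE = re.compile(r"TIME\[(\d+)\.\s*(\d+)\]\s+SEQ\[(\d+)\]")

def parse(report):
    """Return [(time_in_microseconds, isn), ...], one tuple per packet line."""
    # The fraction is a right-aligned microsecond count, so ". 2236" means
    # .002236 s; treating it as an integer avoids misreading it as .2236.
    return [(int(s) * 1_000_000 + int(us), int(seq))
            for s, us, seq in LINE.findall(report)]

def isn_rate(a, b):
    """ISN units per second between two samples (32-bit wraparound aware)."""
    return ((b[1] - a[1]) % 2**32) * 1_000_000 / (b[0] - a[0])

def analyse(samples):
    """Summarise how regular the ISN increments are across one probe run."""
    if len(samples) < 2:
        raise ValueError("need at least two packets")
    deltas = [(b[1] - a[1]) % 2**32 for a, b in zip(samples, samples[1:])]
    step, hits = Counter(deltas).most_common(1)[0]
    return {"modal_step": step, "constant": hits, "events": len(deltas),
            "rate_per_s": isn_rate(samples[0], samples[-1])}

if __name__ == "__main__":
    run1 = parse(RUN1)
    print(analyse(run1))
    print("across runs:", round(isn_rate(run1[0], parse(RUN2_FIRST)[0]), 1), "ISN/s")
```

On the quoted data the ISN advances by roughly 1000 per second both within a run and between the two runs 53 seconds apart, so it tracks a millisecond clock, which is the "time dependent rule" named in the THREAT text.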