Another security flaw has emerged with communications based on transmission control protocol (TCP) that could be used to "hijack" a user's session on the Internet or a corporate network, a computer security services company announced Monday.
Tim Newsham, a senior research scientist with US-based Guardent, discovered the TCP vulnerability, the company said in a statement. Newsham's research exposes a weakness in the generation of TCP's ISNs (initial sequence numbers), which are used to maintain session information between network devices. ISNs are used as a handshake between two machines, identifying legitimate packet traffic.
The numbers are randomly generated, but they can be guessed with a high rate of accuracy, the company said. Sequence numbers coupled with session information could provide network access and then offer a launch pad to conduct sophisticated network attacks. A hacker could launch DoS (denial of service) attacks to cut off individual Web server connections, commence an information poisoning attack to taint legitimate data and hijack a user's session on a computer system.
Guardent has no hard evidence that the vulnerability was used by hackers, said Guardent's vice president of research and development, Jerry Brady. This is not the first time that ISN weaknesses have been discovered, he said. Improvements to TCP were made in 1989 and again in 1995 to ensure more secure TCP sessions, Brady said.
On March 1 Cisco Systems announced a similar flaw in its Internetwork Operating System (IOS) software that could compromise traffic sent to and from its routers and switches. Cisco had no evidence that the vulnerability had been exploited.
Guardent has shared its information on the vulnerability with the Computer Emergency Response Team (CERT) Coordination Center at Carnegie Mellon University, network equipment vendors, operating system vendors and government agencies, the company said.