[nsp-sec] Potential TCP / IP vulnerabilities announced
Eronen Juhani
juhani.eronen at ficora.fi
Thu Oct 2 10:57:52 EDT 2008
We have issued the following statement on the issues. Note that the
vulnerability details will _not_ come out at the T2 conference.
https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html
CERT-FI Statement on the Outpost24 TCP Issues
Version Information
CERT-FI Reference: FICORA #193744
Release Date: 02 October 2008 14:00 UTC
Last Revision: 02 October 2008
Version Number: 1.0
Summary
A TCP weakness presented by Outpost24 has received a great deal of
publicity during this week. CERT-FI is co-ordinating the work
regarding this vulnerability with relevant vendors and its
discoverers. Work on determining the scope and impact of the
vulnerability is currently ongoing, and will be followed by a
coordinated process of patching and publication. Additional details
about the issue will be published following the guidelines of
responsible disclosure.
According to publicly available data, the vulnerability is based on
a denial of service on the TCP connection queue of a target host.
Public sources also state that the vulnerability can be exploited
with relatively small amounts of traffic. Based on our evaluation,
the vulnerability can be mitigated by source address level filtering.
Contact Information
CERT-FI Vulnerability Coordination can be contacted as follows:
Email:
vulncoord at ficora.fi
Please quote the advisory reference in the subject line
Telephone:
+358 9 6966 510
Monday - Friday 08:00 - 16:15 (EET: UTC+2)
Fax:
+358 9 6966 515
Post:
Vulnerability Coordination
FICORA/CERT-FI
P.O. Box 313
FI-00181 Helsinki
FINLAND
CERT-FI encourages those who wish to communicate via email to make
use of our PGP key. The key is available at
https://www.cert.fi/en/activities/contact/pgp-keys.html
Best Regards,
-Jussi / CERT-FI Vulnerability Co-ordination