SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Networking Stack (TCP/IP)  >   TCP/IP Stack Implementation Vendors:   [Multiple Authors/Vendors]
Various TCP Stack Implementations Let Remote Users Deny Service
SecurityTracker Alert ID:  1021066
SecurityTracker URL:  http://securitytracker.com/id/1021066
CVE Reference:   CVE-2008-4609   (Links to External Site)
Updated:  Sep 8 2009
Original Entry Date:  Oct 17 2008
Impact:   Denial of service via network


Description:   Several vulnerabilities were reported in various TCP stack implementations. A remote user can cause denial of service conditions. Multiple vendors and products are affected.

A remote user can send specially crafted data to cause denial of service conditions on the target TCP connection queue.

Published reports indicate that a TCP connection must be established with the target system to exploit these vulnerabilities and that the vulnerabilities are based on weaknesses in the TCP protocol.

Robert E. Lee and Jack Louis of Outpost24 reported these vulnerabilities.

The vulnerabilities were publicly referenced in August 2008 in a blog posting:

http://blog.robertlee.name/2008/08/updates.html

CERT-FI is coordinating with affected vendors.

The CERT-FI advisory is available at:

https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html

[Editor's note: This Alert is a placeholder to document the overall vendor community investigation of these vulnerabilities. As vendors and researchers confirm which specific products are affected, separate Alerts will be issued for each affected product.]
Impact:   A remote user can cause denial of service conditions.
Solution:   No solution was available at the time of this entry.
Cause:   State error
Underlying OS:  

Message History:   This archive entry has one or more follow-up message(s) listed below.
Sep 8 2009 (Microsoft Issues a Fix) Various TCP Stack Implementations Let Remote Users Deny Service
Microsoft has issued a fix for Windows.
Sep 8 2009 (Check Point Issues Fix for VPN-1) Various TCP Stack Implementations Let Remote Users Deny Service
Check Point has developed a hotfix for VPN-1.
Sep 8 2009 (Check Point Issues Fix for Connectra) Various TCP Stack Implementations Let Remote Users Deny Service
Check Point has developed a hotfix for Connectra.
Sep 8 2009 (Cisco Issues Fix for IOS) Various TCP Stack Implementations Let Remote Users Deny Service   (Cisco Systems Product Security Incident Response Team <psirt@cisco.com>)
Cisco has released a fix for IOS.
Sep 8 2009 (Cisco Issues Fix for CatOS) Various TCP Stack Implementations Let Remote Users Deny Service   (Cisco Systems Product Security Incident Response Team <psirt@cisco.com>)
Cisco has released a fix for CatOS.
Sep 8 2009 (Cisco Issues Fix for NX-OS) Various TCP Stack Implementations Let Remote Users Deny Service   (Cisco Systems Product Security Incident Response Team <psirt@cisco.com>)
Cisco has released a fix for NX-OS.
Sep 8 2009 (Cisco Issues Fix for ASA) Various TCP Stack Implementations Let Remote Users Deny Service   (Cisco Systems Product Security Incident Response Team <psirt@cisco.com>)
Cisco has released a fix for ASA.
Sep 8 2009 (Cisco Issues Fix for PIX) Various TCP Stack Implementations Let Remote Users Deny Service   (Cisco Systems Product Security Incident Response Team <psirt@cisco.com>)
Cisco has released a fix for PIX.
Sep 10 2009 (Sun Issues Advisory) Various TCP Stack Implementations Let Remote Users Deny Service
Sun has issued an advisory for Solaris 8, 9, 10, and OpenSolaris.
Sep 15 2009 (VxWorks Issues Fix) Various TCP Stack Implementations Let Remote Users Deny Service
WindRiver has issued a fix for VxWorks.
Sep 30 2009 (McAfee Issues Fix for Email and Web Security Appliance) Various TCP Stack Implementations Let Remote Users Deny Service
McAfee has issued a fix for McAfee Email and Web Security Appliance 5.1.
Oct 20 2009 (Blue Coat Issues Advisory for iShared) Various TCP Stack Implementations Let Remote Users Deny Service
Blue Coat has issued an advisory for Blue Coat iShared.
Oct 20 2009 (Blue Coat Issues Advisory for Director) Various TCP Stack Implementations Let Remote Users Deny Service
Blue Coat has issued an advisory for Blue Coat Director.
Oct 20 2009 (Blue Coat Issues Advisory for IntelligenceCenter) Various TCP Stack Implementations Let Remote Users Deny Service
Blue Coat has issued an advisory for Blue Coat IntelligenceCenter.
Oct 20 2009 (Blue Coat Issues Advisory for ProxySG) Various TCP Stack Implementations Let Remote Users Deny Service
Blue Coat has issued an advisory for Blue Coat ProxySG.
Oct 20 2009 (Blue Coat Issues Advisory for ProxyAV) Various TCP Stack Implementations Let Remote Users Deny Service
Blue Coat has issued an advisory for Blue Coat ProxyAV.
Dec 17 2009 (Citrix Issues Fix for Citrix Access Gateway) Various TCP Stack Implementations Let Remote Users Deny Service
Citrix has issued a fix for Citrix Access Gateway.
Dec 17 2009 (Citrix Issues Fix for NetScaler) Various TCP Stack Implementations Let Remote Users Deny Service
Citrix has issued a fix for Citrix NetScaler.


 Source Message Contents
Date:  Fri, 17 Oct 2008 14:33:19 -0400
Subject:  TCP/IP


https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC