IBM Corporation Information for VU#222750

TCP/IP implementations do not adequately validate ICMP error messages

Status

Affected

Vendor Statement

The AIX Operating System is affected by the issues discussed in CERT Vulnerability note VU#222750 and NISCC vulnerability #432967. An advisory for this issue will be available via https://techsupport.services.ibm.com/server/pseries.subscriptionSvcs

For information related to this and other published CERT Advisories that may relate to the IBM eServer Platforms (xSeries, iSeries, pSeries, and zSeries) please go to https://app-06.www.ibm.com/servers/resourcelink/lib03020.nsf/pages/securityalerts?OpenDocument&pathID=

In order to access this information you will require a Resource Link ID. To subscribe to Resource Link go to http://app-06.www.ibm.com/servers/resourcelink and follow the steps for registration.

All questions should be refferred to servsec@us.ibm.com.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

Please see http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.

If you have feedback, comments, or additional information about this vulnerability, please send us email.