Wind River Systems, Inc. Information for VU#222750
TCP/IP implementations do not adequately validate ICMP error messages
In all releases after VxWorks 5.3 a hard error does not result in TCP aborting the connection. The hard error code is saved by TCP. If the connection is dropped due to a timeout this error code is available to the application. Wind River Network Stack 2.0 already checks the ICMP sequence numbers. The release of VxWorks 6.0 and the MSP updates shipping in the fall of 2004 are based on this stack.
Wind River is planning updates to the VxWorks 5.5 and 5.4 versions of the stack that will include the fix for ICMP. These updates are planned for 2005.
The vendor has not provided us with any further information regarding this vulnerability.
Please see http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
If you have feedback, comments, or additional information about this vulnerability, please send us email.