Sun Microsystems, Inc. Information for VU#222750

TCP/IP implementations do not adequately validate ICMP error messages



Vendor Statement

Sun is only marginally impacted by the issues described in Gont's ICMP Internet Draft as existing TCP connections will not be dropped. There may be a performance impact but no more or less than flooding any link or system with garbage messages will cause performance problems. Sun is issuing Sun Alert 57746 to further describe Sun's specific impact and details which will be available here:

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.