Updated: June 07, 2004
Affected
Cisco systems is vulnerable. Please see: http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml Please see Cisco's response to the Cansecwest presentation of this vulnerability: http://www.cansecwest.com/csw04/csw04-Ahlawat.ppt
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: April 28, 2004
Affected
Nortel Networks has evaluated this issue and testing has confirmed that it is possible to successfully exploit this vulnerability. However, the preconditions for a successful exploitation require levels of access to the network that are unlikely to be achieved in a normal network operating environment; furthermore, such levels of access would enable other forms of attack with much greater impact than that achievable by exploiting this vulnerability. Nortel Networks is continuing to validate that this vulnerability has no serious consequences for Nortel equipment, and will update this statement periodically.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 07, 2004
Affected
Redback Networks, Inc. has identified that the vulnerability described in TA04-111A may affect its products. To that end Redback has been providing security workarounds to protect existing installations and will issue software patches to provide a more robust solution to the problem. The SmartEdge Transport product line is unaffected by this vulnerability. Customers should contact Redback Networks Technical Assistance Center [Domestic TAC number (877) 733 2225; International TAC number is 31-104987777; Web: www.redback.com/support ] for more information and workarounds.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: May 01, 2006
Affected
Sun acknowledges that this vulnerability is not new, and similar RST-based DoS attacks are old and well-known. In this particular case, likely targets are long lived TCP connections between well-known hosts using well-known ports (or a small range of known ports). To be successful, the attacker needs to know the entire four-tuple of a TCP connection (both sides' IP addresses and TCP ports), and the TCP connection needs to stay up long enough. Sun is evaluating schemes to mitigate this vulnerability - including those discussed in the IETF draft on TCP Security. At present Sun believes that these conditions are not widespread in typical Internet use and is limited to protocols such as BGP. If this evaluation determines that a software update is the best solution to this problem, Sun will provide updates to our software. Meanwhile, please consult the advisories listed below for detailed mitigating strategies against these attacks: http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-1704.txt http://www.us-cert.gov/cas/techalerts/TA04-111A.html
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.