SecurityTracker.com
Category:   OS (UNIX)  >   TCP/IP Stack Implementation
Vendors:   IBM
IBM AIX Operating System TCP Selective Acknowledgement Feature May Let Remote Users Crash the System
SecurityTracker Alert ID:  1005604
SecurityTracker URL:  http://securitytracker.com/id/1005604
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Nov 12 2002
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): AIX 4.3.3, 5.1.0
Description:   A denial of service vulnerability was reported in IBM's AIX operating system. A remote user can cause the system to crash in a certain configuration.

It is reported that if the Selective Acknowledgement "sack" network option is set on the target system and the number of retransmissions of TCP packets on the network exceeds the specified level, the system will crash.

This is due to a flaw in the AIX tcp_UpSACKInfo() function.

Impact:   A remote user may be able to cause the system to crash.
Solution:   The vendor has issued the following APARs:

IY30696 (AIX 4.3.3):

http://techsupport.services.ibm.com/support/rs6000.support/fixsearch?fixdb=aix4&srchtype=apar&query=IY30696

IY30975 (AIX 5.1.0):

http://techsupport.services.ibm.com/server/aix.fixdist51?fixes=IY30975&whichFix=APAR

As a workaround, you can disable the "sack" option.
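
A check for the condition described above, as an added example (not from the advisory or from IBM): it classifies a host from its release, the value of the "sack" option and whether the APAR listed for that release is installed. The output formats of `oslevel`, `no -o sack` and `instfix -ik` are assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: is this AIX host exposed to the tcp_UpSACKInfo() crash?
# Assumptions (not from the advisory): `oslevel` prints e.g. "4.3.3.0",
# `no -o sack` prints "sack = 1", and `instfix -ik APAR` exits 0 when the
# fix is installed. The workaround is assumed to be `no -o sack=0`.

# Map an oslevel string to the APAR the advisory lists for that release.
apar_for_release() {
    case "$1" in
        4.3.3*) echo IY30696 ;;
        5.1.0*) echo IY30975 ;;
        *)      echo "" ;;
    esac
}

# Extract N from "sack = N"; prints nothing if the line is not recognised.
sack_value() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*sack[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*$/\1/p'
}

# classify RELEASE SACK_OUTPUT FIX_INSTALLED(yes|no) -> prints a verdict
classify() {
    apar=$(apar_for_release "$1")
    sack=$(sack_value "$2")
    if [ -z "$apar" ]; then echo "not-listed"; return; fi
    if [ "$3" = yes ]; then echo "patched:$apar"; return; fi
    case "$sack" in
        0)  echo "mitigated:$apar" ;;  # workaround in place, fix still missing
        "") echo "unknown:$apar" ;;    # could not read the option: check by hand
        *)  echo "exposed:$apar" ;;    # sack enabled and APAR not installed
    esac
}

# Live check: runs only when invoked with --live on an AIX host.
if [ "${1:-}" = "--live" ]; then
    rel=$(oslevel)
    apar=$(apar_for_release "$rel")
    fixed=no
    [ -n "$apar" ] && instfix -ik "$apar" >/dev/null 2>&1 && fixed=yes
    classify "$rel" "$(no -o sack)" "$fixed"
fi
```

A "mitigated" verdict means the workaround is active but the fix is still missing, so the host becomes exposed again if "sack" is re-enabled.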

Vendor URL:  techsupport.services.ibm.com/server/aix.uhuic_getrec?args=DVsteamboat.boulder.ibm.com+DBAIX2+DA3557+STIY30696+USbin
Cause:   State error
Underlying OS:  

Message History:   None.


 Source Message Contents

Date:  Tue, 5 Nov 2002 06:42:31 -0600
Subject:  Re: New_AIXV4_Fixes



APAR: IY30696  COMPID: 5765C3403  REL: 430
ABSTRACT: SYSTEM CRASH IN TCP_UPSACKINFO()

PROBLEM DESCRIPTION:
System crash in tcp_UpSACKInfo() if the "sack" network option
is set and number of retransmissions of TCP packets is more
across the network.

LOCAL FIX:
Disable "sack"

PROBLEM SUMMARY:
If sack network option is set, customer will experience
system crash if the no. of retransmissions of the packets
across the network is more.

PROBLEM CONCLUSION:
Removing the unnecessary increment of both old and new
max_sack_blocks pointer inside the for loop in
tcp_UpSACKInfo().



Copyright 2013, SecurityGlobal.net LLC