SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   Blue Coat ProxySG Vendors:   Blue Coat Systems
(Blue Coat Issues Advisory for ProxySG) Various TCP Stack Implementations Let Remote Users Deny Service
SecurityTracker Alert ID:  1023055
SecurityTracker URL:  http://securitytracker.com/id/1023055
CVE Reference:   CVE-2008-4609   (Links to External Site)
Date:  Oct 20 2009
Impact:   Denial of service via network
Vendor Confirmed:  Yes  

Description:   Several vulnerabilities were reported in various TCP stack implementations. A remote user can cause denial of service conditions. Blue Coat ProxySG is affected.

A remote user can send specially crafted data to cause denial of service conditions on the target TCP connection queue.

Published reports indicate that a TCP connection must be established with the target system to exploit these vulnerabilities and that the vulnerabilities are based on weaknesses in the TCP protocol.

Robert E. Lee and Jack Louis of Outpost24 reported these vulnerabilities.

The vulnerabilities were publicly referenced in August 2008 in a blog posting:

http://blog.robertlee.name/2008/08/updates.html

CERT-FI is coordinating with affected vendors.

The CERT-FI advisory is available at:

https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html

[Editor's note: This Alert is a placeholder to document the overall vendor community investigation of these vulnerabilities. As vendors and researchers confirm which specific products are affected, separate Alerts will be issued for each affected product.]

Impact:   A remote user can cause denial of service conditions.
Solution:   Blue Coat has issued an advisory for Blue Coat ProxySG, which is affected by this vulnerability.

The Blue Coat advisory is available at:

https://kb.bluecoat.com/index?page=content&id=SA37

Cause:   State error

Message History:   This archive entry is a follow-up to the message listed below.
Oct 17 2008 Various TCP Stack Implementations Let Remote Users Deny Service



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC