CVE-2008-4609 Vulnerability in TCP/IP stack involves multiple vendors

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4609

https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html

A paper and demonstration were given showing a new Denial of Service
attack on TCP/IP stacks across many vendors. In general, this is a DoS
attack that can cause temporary or permanent DoS to a service or
permanent service to the OS. It could lead to remote code execution in
some OSs.

This vulnerability is also referred to as the "Outpost24 TCP State Table
Manipulation Denial of Service Vulnerability".

Vendor Information

Microsoft

* Microsoft has published security bulletin MS09-048 to address this
issue
* http://www.microsoft.com/technet/security/bulletin/ms09-048.mspx
*
http://blogs.technet.com/srd/archive/2009/09/08/assessing-the-risk-of-th...

VMware

* VMware products are not vulnerable.

Cisco

* Cisco has published a Security Advisory dealing with the Outpost24
vulnerabilities
* http://www.cisco.com/warp/public/707/cisco-sa-20090908-tcp24.shtml

CheckPoint

* CheckPoint has released two SecureKnowledge entries
*
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_do...
*
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_do...

Juniper

* Juniper Networks received the Sockstress tool and executed testing
on all our platforms. We have found no unexpected or adverse impact to
our equipment which is different from other types of TCP Denial of
Service (DOS). When the Sockstress DOS attack is removed, Juniper
systems recover normally. Given that Sockstress is not a new 'class' of
TCP attacks, existing Best Common Practices (BCPs) used to protect
Juniper products from TCP based DOS attacks are the best investment of
time. Juniper Security Advisory is PSN-2008-10-041 and can be found at
https://www.juniper.net/alerts/viewalert.jsp?actionbtn=Search&txtalertnu....
Access is via Entitled Disclosure. Please contact Juniper SIRT Team at
sirt@juniper.net for any questions on this or other feasible
vulnerabilities and risk to Juniper Network's products and services.

Clavister

* We can report that the TCP stack in our Security Gateway products
are not affected by these vulnerabilities.

Red Hat

* Red Hat has published a knowledgebase article about the issue
* http://kbase.redhat.com/faq/docs/DOC-18730

Sun Microsystems

* http://sunsolve.sun.com/search/document.do?assetkey=1-66-267088-1

Wind River

* Wind River's VxWorks is vulnerable. Register users can access Wind
River's online support for patches, and more information by following
this link:

https://support.windriver.com/olsPortal/faces/maintenance/downloadDetail...
* User may also contact Wind River technical support for more
information: http://windriver.com/support/

Fortinet

* We can report that the TCP stack in our Fortigate products are not
affected by these vulnerabilities.

Some of these will be followed up with individual security alerts. In
general, you should keep your systems up to date with the latest
patches. Should you notice any odd DoS attacks that follow these
symptoms, please let me know.

Thanks,
Brian