[virusinfo] Oxygen3 24h-365d [Multiple systems affected by a vulnerability in TCP - 04/21/04]

• From: "Mike" <mikebike@xxxxxxxxx>
• To: virusinfo@xxxxxxxxxxxxx
• Date: Thu, 22 Apr 2004 09:02:26 -0700

From; Panda Oxygen3 24h-365d:

"I am not discouraged, because every wrong 
            attempt discarded is another step forward."
   Thomas Alva Edison (1847-1931); US physicist and inventor.

     - Multiple systems affected by a vulnerability in TCP -
 Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, April 21, 2004 - US-CERT/CC has published, at
http://www.us-cert.gov/cas/techalerts/TA04-111A.html, an advisory about a
vulnerability in TCP that could allow a malicious user to carry out denial
of service attacks.

This is a serious problem, as multiple implementations of the BGP (Border
Gateway Protocol) rely on TCP to maintain permanent unauthenticated network
sessions. Therefore, the vulnerability detected could allow remote attackers
to terminate network sessions.

Although BGP (designed to exchange information between routers and other
devices) has been identified as vulnerable, the problem could affect any
other protocol or service that rely on persistent TCP connections.

Some manufacturers, such as Cisco (*), have already published advisories
about the impact of this vulnerability on their systems.

As a workaround, users are recommended to implement and use
cryptographically secure protocols. Similarly, users are advised to keep
informed about the updates published by the manufacturers of affected
products.

(*) The advisories published by Cisco are available at:
http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml

NOTE: The addresses above may not show up on your screen as single lines.
This would prevent you from using the links to access the web pages. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
URL.

------------------------------------------------------------
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 

Other related posts:

• » [virusinfo] Oxygen3 24h-365d [Multiple systems affected by a vulnerability in TCP - 04/21/04]

1. Home
2. virusinfo
3. Archive
4. 04-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---