---------------------------------------------------------------------------
Title: Flood ACK packets cause AIX DoS.
Released: 9th Oct 2002
---------------------------------------------------------------------------

Vulnerable:
===========
- AIX version 4.3.3 with any ML
- AIX 5

Overview:
=========
AIX is a Unix operating system developed by IBM and distributed with a wide
range of IBM hardware models. There is a stack problem with malformed TCP
packets that can lead AIX to a DoS condition. Reaching this condition
requires a large amount of bandwidth.

Details:
========
AIX has a pool of memory buffers known as mbufs; these buffers are used to
manage incoming and outbound network traffic. A flood of TCP packets with
all flags off causes AIX to fail to release the mbufs, resulting in 100% CPU
consumption or even a system crash. To reach the DoS condition the flood
must be over 2.8 Mbps, so this is more of a DDoS attack.

Vendor Response:
================
The problem was reported to IBM on March 18, 2002. The vendor confirmed the
problem and released a fix.

Corrective Action:
==================
Apply APAR IV31641

Vulnerability Reporting Policy:
===============================
http://www.ietf.org/internet-drafts/draft-christey-wysopal-vuln-disclosure-00.txt

Author:
Mauro Flores (maflores@antel.com.uy)
Guillermo Freire (gfreire@antel.com.uy)

---------------------------------------------------------------------------
ANTel is not responsible for the misuse of the information we provide
through our security advisories. These advisories are a service to the
professional security community. In no event shall ANTel be liable for any
consequences whatsoever arising out of or in connection with the use or
spread of this information.
---------------------------------------------------------------------------
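
Detection example for the condition in the Details section (added here, not part of the original advisory or any IBM tooling): it scans captured IPv4 packets for TCP segments with no flags set and compares their peak rate with the 2.8 Mbps figure above. The function names, the one-second window, counting size at the IP layer and the 192.0.2.x sample packets are assumptions.

```python
import struct
from collections import deque

THRESHOLD_BPS = 2.8e6  # flood rate the advisory gives for the DoS condition

def tcp_flags(pkt: bytes):
    """Flag bits of an IPv4/TCP packet, or None if it is not a parsable TCP segment."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4                      # IPv4 header length in bytes
    if ihl < 20 or pkt[9] != 6 or len(pkt) < ihl + 20:
        return None                                # bad header, not TCP, or truncated
    if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:
        return None                                # later fragment: no TCP header here
    return pkt[ihl + 13] & 0x3F                    # URG, ACK, PSH, RST, SYN, FIN

def null_flag_peak_bps(packets, window=1.0):
    """Peak bits/second of flagless TCP segments over a sliding window.
    packets: time-ordered iterable of (timestamp_seconds, raw_ipv4_bytes)."""
    recent, bits, peak = deque(), 0, 0.0
    for ts, raw in packets:
        if tcp_flags(raw) != 0:                    # None (unparsable) is skipped too
            continue
        size = len(raw) * 8                        # assumption: rate counted at the IP layer
        recent.append((ts, size))
        bits += size
        while recent[0][0] <= ts - window:
            bits -= recent.popleft()[1]
        peak = max(peak, bits / window)
    return peak

def exceeds_advisory_rate(packets, window=1.0):
    return null_flag_peak_bps(packets, window) > THRESHOLD_BPS

def sample_packet(flags: int, payload_len: int) -> bytes:
    """Constructed test input: 20-byte IPv4 + 20-byte TCP header, zero checksums."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + payload_len, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, flags, 0, 0, 0)
    return ip + tcp + bytes(payload_len)

def sample_capture(flags: int, count: int):
    """Constructed capture: `count` 1000-byte packets spread evenly over one second."""
    return [(i / count, sample_packet(flags, 960)) for i in range(count)]

if __name__ == "__main__":
    print(exceeds_advisory_rate(sample_capture(0x00, 400)))   # flagless, 3.2 Mbps
    print(exceeds_advisory_rate(sample_capture(0x10, 400)))   # ACK set, ignored
```

In practice the (timestamp, bytes) pairs would come from a capture taken in front of the AIX host, with the link-layer header already stripped.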