TCP vulnerabilities - what about AIX
 
Home Help Login Register
*
Welcome, Guest. Please login or register. September 09, 2010, 06:54:38 PM


Login with username, password and session length


Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: TCP vulnerabilities - what about AIX  (Read 1932 times)
0 Members and 1 Guest are viewing this topic.
weskus
New Member
*
Posts: 2
« Reply #2 on: October 15, 2009, 08:41:03 AM »
NP Michael,
I have tried searching AIX security announcements, but haven't found a match.

Just in case, if link is not working:

8.9.2009
The results of the TCP vulnerability coordination project have been released

CERT-FI has published an advisory on the vulnerability coordination project regarding TCP protocol implementations. The coordination work started on August 2008.

Outpost24 reported a set of vulnerabilities in TCP implementations to CERT-FI in August 2008. CERT-FI has contacted possibly affected vendors and coordinated the patch release as well as research on the impact oft he vulnerability. Now, over a year after the coordination work started, patches have been made available. There are patches and advisories available from, e.g., Microsoft, Cisco and Checkpoint.

There is also a press release available on the issue: http://www.ficora.fi/en/index/viestintavirasto/lehdistotiedotteet/2009/P_22.html

CERT-FI has been following the coordination developments on its statement on the TCP issues: https://www.cert.fi/haavoittuvuudet/2008/tcpvulnerabilitiesstatement.html
Lisätietoa

    * CERT-FI Advisory on the Outpost24 TCP Issues
Logged
Michael
Administrator
Hero Member
*****
Posts: 681
« Reply #1 on: October 15, 2009, 08:34:35 AM »
My apologies. Missed this (beginning September was a busy time).

I tried the link, but got a HTTP 404 error, so I cannot reply on that specifically.

IBM does respond to CERT and other announcements as quickly as possible.

I would recommend getting subscribed to their lists:
Below is an except from a security announcement for contacting/subscribing to security alerts.

VI. CONTACT INFORMATION

    If you would like to receive AIX Security Advisories via email,
    please visit:
 
        http://www.ibm.com/systems/support
 
    and click on the "My notifications" link.
 
    To view previously issued advisories, please visit:
 
        http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd
 
    Comments regarding the content of this announcement can be
    directed to:

        security-alert@austin.ibm.com
 
    To obtain the PGP public key that can be used to communicate
    securely with the AIX Security Team you can either:
 
        A. Download the key from our web page:
 
  http://www.ibm.com/systems/resources/systems_p_os_aix_security_pgpkey.txt
 
        B. Download the key from a PGP Public Key Server. The key ID is:
 
            0xADA6EB4D
 
    Please contact your local IBM AIX support center for any
    assistance.
Logged
weskus
New Member
*
Posts: 2
« on: September 11, 2009, 07:53:59 AM »
Some TCP protocol issue have been found:

http://www.cert.fi/tietoturvanyt/2009/09/ttn200909082100.html

I'm curious whether this applies to AIX or not. Or is my AIX TCP got patch already in the meanwhile...
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.10 | SMF © 2006-2009, Simple Machines LLC

Valid XHTML 1.0! Valid CSS! Dilber MC Theme by HarzeM
Page created in 0.656 seconds with 20 queries.



eXTReMe Tracker
Terms of Use and Privacy and Security Policies
Copyright 2001-2010 Michael Felt, John R Peck and ROOTVG.NET