This came from one of the SANS lists that I subscribe to. Please follow the link, and if you have a vulnerable system, patch it. This bug effects Linux and Windows.
Description: Multiple Vendor TCP/IP stack implementations are reported vulnerable to a denial of service issue and occurs when an erroneous TCP acknowledgement number is encountered in an active TCP session stream. An attacker can inject a rogue TCP packet containing a valid sequence number and an invalid acknowledgement number into a target TCP stream to cause this issue to result in a degradation of the target connection, effectively denying service for legitimate users. Please refer the following link for vulnerable systems. Ref: http://www.securityfocus.com/bid/13215/info/ -- Neil Schneider pacneil_at_linuxgeek_dot_net http://www.paccomp.com Key fingerprint = 67F0 E493 FCC0 0A8C 769B 8209 32D7 1DB1 8460 C47D Sometimes I wonder whether the world is being run by smart people who are putting us on, or by imbeciles who really mean it - Mark Twain -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-newbie
