Public Safety and Emergency Preparedness Canada
You have accessed an archived page for Public Safety and Emergency Preparedness Canada. This material may be outdated. Please consult our new site for up-to-date information. If you have bookmarked this page, please note that it may be deleted in the coming weeks.


Advisory Number: AV05-011
Multiple Vendor loopback (land.c) Denial of Service Vulnerability
08 March 2005

Purpose
A number of TCP/IP stacks are vulnerable to a "loopback" condition initiated by sending a TCP SYN packet with the source address and port spoofed to equal the destination address and port.

Assessment
When a packet of this sort is received, an infinite loop is initiated and the affected system halts. This is known to affect Windows 95, Windows NT 4.0 up to SP3, Windows Server 2003, Windows XP SP2, Cisco IOS devices and Catalyst switches, and HP-UX up to 11.00.
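
The packet described above can be recognised from its headers alone, before it reaches a vulnerable stack. The following is an added example, not part of the PSEPC advisory: it parses a raw IPv4 packet and flags a TCP SYN whose source address and port equal its destination address and port. The function names and the sample packets are constructed for illustration.

```python
import struct

TCP_PROTO = 6
SYN, ACK = 0x02, 0x10


def is_land_packet(packet: bytes) -> bool:
    """True if an IPv4 packet is a TCP SYN whose source address and port
    equal its destination address and port (the land.c pattern)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False                      # truncated or not IPv4
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    if ihl < 20 or packet[9] != TCP_PROTO or len(packet) < ihl + 14:
        return False                      # bad IHL, not TCP, or no flags byte
    frag = struct.unpack("!H", packet[6:8])[0]
    if frag & 0x1FFF:
        return False                      # later fragment: carries no TCP header
    src, dst = packet[12:16], packet[16:20]
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    flags = packet[ihl + 13]
    is_syn = bool(flags & SYN) and not flags & ACK
    return is_syn and src == dst and sport == dport


# Constructed sample packets: 20-byte IPv4 header + 20-byte TCP header,
# documentation addresses (192.0.2.10, 198.51.100.7), checksums left zero.
SAMPLES = {
    "land_syn": bytes.fromhex(
        "45000028 00010000 40060000 c000020a c000020a "
        "00500050 00000001 00000000 50022000 00000000"),
    "normal_syn": bytes.fromhex(
        "45000028 00010000 40060000 c6336407 c000020a "
        "c0010050 00000001 00000000 50022000 00000000"),
    "same_host_diff_port": bytes.fromhex(
        "45000028 00010000 40060000 c000020a c000020a "
        "c0010050 00000001 00000000 50022000 00000000"),
}


def flagged(samples: dict) -> list:
    """Names of the samples that match the land pattern."""
    return [name for name, pkt in samples.items() if is_land_packet(pkt)]


if __name__ == "__main__":
    print(flagged(SAMPLES))
```

The same comparison is what a perimeter filter applies when it drops inbound packets whose source address equals their destination address.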

Suggested Action
Microsoft Windows Server 2003 and Microsoft Windows XP SP2 are apparently immune to this attack if their host-based firewall software is enabled.

PSEPC recommends that system administrators test and apply the following patches or upgrades:

FreeBSD FreeBSD 2.2.5
FreeBSD Patch land-22
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/old/SA-98:01/land-22

HP HP-UX 10.01
HP Patch PHNE_13472
ftp://ftp.itrc.hp.com/superseded_patches/hp-ux_patches/s800/10.X/PHNE_13472 Series 800
HP Patch PHNE_13473
ftp://ftp.itrc.hp.com/superseded_patches/hp-ux_patches/s700/10.X/PHNE_13473 Series 700

HP HP-UX 10.0
HP Patch PHNE_13474
ftp://ftp.itrc.hp.com/hp-ux_patches/s800/10.X/PHNE_13474 Series 800
HP Patch PHNE_13475
ftp://ftp.itrc.hp.com/hp-ux_patches/s700/10.X/PHNE_13475 Series 700

HP HP-UX 10.10
HP Patch PHNE_13470
ftp://ftp.itrc.hp.com/superseded_patches/hp-ux_patches/s800/10.X/PHNE_13470 Series 800
HP Patch PHNE_13471
ftp://ftp.itrc.hp.com/hp-ux_patches/s700/10.X/PHNE_13471 Series 700

HP HP-UX 10.16
HP Patch PHKL_14242
ftp://ftp.itrc.hp.com/hp-ux_patches/s700/10.X/PHKL_14242 Series 700
HP Patch PHKL_14243
ftp://ftp.itrc.hp.com/hp-ux_patches/s800/10.X/PHKL_14243 Series 800

HP HP-UX 10.20
HP Patch PHNE_13468
ftp://ftp.itrc.hp.com/superseded_patches/hp-ux_patches/s800/10.X/PHNE_13468

HP HP-UX (VVOS) 10.24
HP Patch PHNE_13888
ftp://ftp.itrc.hp.com/superseded_patches/hp-ux_patches/s700/10.X/PHNE_13888 Series 700
HP Patch PHNE_13889
ftp://ftp.itrc.hp.com/superseded_patches/hp-ux_patches/s800/10.X/PHNE_13889 Series 800

HP HP-UX 10.30
HP Patch PHNE_13671
ftp://ftp.itrc.hp.com/superseded_patches/hp-ux_patches/s700_800/10.X/PHNE_13671

HP HP-UX 11.0
HP Patch PHNE_26771
http://itrc.hp.com

Microsoft Windows 95
Microsoft Hotfix Q177539
http://download.microsoft.com/download/win95upg/update4/1/w95/EN-US/vtcpup20.exe

Microsoft Windows NT Terminal Server 4.0 SP3
Microsoft Hotfix Q165005
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/teardrop2-fix/tearfixi.exe

Microsoft Windows NT Enterprise Server 4.0 SP3
Microsoft Hotfix Q165005
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/teardrop2-fix/tearfixi.exe

Microsoft Windows NT Server 4.0 SP3
Microsoft Hotfix Q165005
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/teardrop2-fix/tearfixi.exe

Microsoft Windows NT Workstation 4.0 SP3
Microsoft Hotfix Q165005
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/teardrop2-fix/tearfixi.exe

SCO Open Server 5.0
SCO Patch sse010
ftp://ftp.sco.COM/SSE/sse010.tar.Z


---

Note to Readers

Public Safety and Emergency Preparedness Canada (PSEPC) collects information related to cyber and physical threats to, and incidents involving, Canadian critical infrastructure. This allows us to monitor and analyse threats and to issue alerts, advisories and other information products to our partners. To report threats or incidents, please contact the PSEPC operations coordination centre at (613) 991-7000 or goc-cog@psepc-sppcc.gc.ca by e-mail.

Unauthorized use of computer systems and mischief in relation to data are serious Criminal Code offences in Canada. Any suspected criminal activity should be reported to local law enforcement organizations. The RCMP National Operations Centre (NOC) provides a 24/7 service to receive such reports or to redirect callers to local law enforcement organizations. The NOC can be reached at (613) 993-4460. National security concerns should be reported to the Canadian Security Intelligence Service (CSIS) at (613) 993-9620.

Links to sites not under the control of the Government of Canada (GoC) are provided solely for the convenience of users. The GoC is not responsible for the accuracy, currency or the reliability of the content. The GoC does not offer any guarantee in that regard and is not responsible for the information found through these links, nor does it endorse the sites and their content.

Last Updated: 10/25/2005