SA34 : Blue Coat iShared Advisory on Sockstress TCP Attacks (CVE-2008-4609)
1185
03 March 2020
16 October 2009
CLOSED
HIGH
SUMMARY
The TCP implementation in Microsoft Windows Server 2003 allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by Sockstress, a readily available DoS tool. All iShared Windows products are vulnerable as they run on Windows Server 2003 RTM, SP1 and SP2.
AFFECTED PRODUCTS
All iShared Windows products are vulnerable as they run on Windows Server 2003 RTM, SP1 and SP2.
ISSUES
The vulnerability affects Windows Server 2003 RTM, SP1 and SP2. Microsoft has released MS09-048 to help reduce the effect of the reported vulnerability. This Windows Update is available for Windows Server 2003 SP2 only as Microsoft support has already been retired for Windows Server 2003 RTM and SP1. We recommend customers to upgrade to Windows Server 2003 SP2 to be able to make use of the Microsoft Windows Update.
Since the denial of service vulnerability CVE-2008-4609 affects the TCP/IP protocol itself, the update MS09-048 for Windows Server 2003 does not completely mitigate the vulnerabilities; the updates merely provide a layer of defense during a flooding attack.
MITIGATION
MS09-048 proposes a workaround to deal with the vulnerability but this workaround has yet to be tested with iShared Windows products.