SA34 : Blue Coat iShared Advisory on Sockstress TCP Attacks (CVE-2008-4609)

1185

03 March 2020

16 October 2009

CLOSED

HIGH

SUMMARY

The TCP implementation in Microsoft Windows Server 2003 allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by Sockstress, a readily available DoS tool.  All iShared Windows products are vulnerable as they run on Windows Server 2003 RTM, SP1 and SP2.

AFFECTED PRODUCTS

All iShared Windows products are vulnerable as they run on Windows Server 2003 RTM, SP1 and SP2.

ISSUES

The vulnerability affects Windows Server 2003 RTM, SP1 and SP2. Microsoft has released MS09-048 to help reduce the effect of the reported vulnerability. This Windows Update is available for Windows Server 2003 SP2 only as Microsoft support has already been retired for Windows Server 2003 RTM and SP1. We recommend customers to upgrade to Windows Server 2003 SP2 to be able to make use of the Microsoft Windows Update.

Since the denial of service vulnerability CVE-2008-4609 affects the TCP/IP protocol itself, the update MS09-048 for Windows Server 2003 does not completely mitigate the vulnerabilities; the updates merely provide a layer of defense during a flooding attack.

MITIGATION

MS09-048 proposes a workaround to deal with the vulnerability but this workaround has yet to be tested with iShared Windows products.

REFERENCES