Flood ACK packets cause AIX DoS

[Mauro Flores <maflores () antel com uy>]

---------------------------------------------------------------------------
Title: Flood ACK packets cause AIX DoS.

Released: 9th Oct 2002
---------------------------------------------------------------------------

Vulnerable:
===========
- AIX version 4.3.3 with any ML
- AIX 5

Overview:
=========
        AIX is a unix operating sistem developed by IBM distributed with
a wide models of IBM hardware.

There exists an stack problem with malformed TCP packets that can lead AIX
to a DoS condition. To reach this condition a big band width is require.

Details:
========
AIX has a pool of memory buffers known as mbuf, this buffers are used to manage
the incoming and outbound network traffic.  A flood of TCP packets with all flags
off makes the AIX to fail in releasing the mbufs, an result in a 100% of CPU 
consume or even crash the system. 
To reach the DoS condition the flood must be over 2.8 Mbps, so this is more a
DDoS attack.

Vendor Response:
================
IBM was reported on March 18, 2002. The vendedor confirm the problem and release 
a fix.

Corrective Action:
==================
Apply APAR IV31641 

Vulnerability Reporting Policy:
===============================
http://www.ietf.org/internet-drafts/draft-christey-wysopal-vuln-disclosure-00.txt


Author: Mauro Flores (maflores () antel com uy)
        Guillermo Freire (gfreire () antel com uy)
---------------------------------------------------------------------------
ANTel is not responsible for the misuse of the information we provide
through our security advisories. These advisories are a service to
the professional security community. In no event shall ANTel be
liable for any consequences whatsoever arising out of or in connection
with the use or spread of this information.
---------------------------------------------------------------------------