Date: 20-05-24  Time: 04:01 AM

Author Topic: TCP vulnerabilities - what about AIX  (Read 14661 times)

0 Members and 1 Guest are viewing this topic.


  • New Member
  • *
  • Posts: 3
  • Karma: +0/-0
TCP vulnerabilities - what about AIX
« on: September 11, 2009, 06:53:59 AM »
Some TCP protocol issue have been found:

I'm curious whether this applies to AIX or not. Or is my AIX TCP got patch already in the meanwhile...


  • Administrator
  • Hero Member
  • *****
  • Posts: 1339
  • Karma: +0/-0
Re: TCP vulnerabilities - what about AIX
« Reply #1 on: October 15, 2009, 07:34:35 AM »
My apologies. Missed this (beginning September was a busy time).

I tried the link, but got a HTTP 404 error, so I cannot reply on that specifically.

IBM does respond to CERT and other announcements as quickly as possible.

I would recommend getting subscribed to their lists:
Below is an except from a security announcement for contacting/subscribing to security alerts.


    If you would like to receive AIX Security Advisories via email,
    please visit:

    and click on the "My notifications" link.
    To view previously issued advisories, please visit:

    Comments regarding the content of this announcement can be
    directed to:
    To obtain the PGP public key that can be used to communicate
    securely with the AIX Security Team you can either:
        A. Download the key from our web page:
        B. Download the key from a PGP Public Key Server. The key ID is:
    Please contact your local IBM AIX support center for any


  • New Member
  • *
  • Posts: 3
  • Karma: +0/-0
Re: TCP vulnerabilities - what about AIX
« Reply #2 on: October 15, 2009, 07:41:03 AM »
NP Michael,
I have tried searching AIX security announcements, but haven't found a match.

Just in case, if link is not working:

The results of the TCP vulnerability coordination project have been released

CERT-FI has published an advisory on the vulnerability coordination project regarding TCP protocol implementations. The coordination work started on August 2008.

Outpost24 reported a set of vulnerabilities in TCP implementations to CERT-FI in August 2008. CERT-FI has contacted possibly affected vendors and coordinated the patch release as well as research on the impact oft he vulnerability. Now, over a year after the coordination work started, patches have been made available. There are patches and advisories available from, e.g., Microsoft, Cisco and Checkpoint.

There is also a press release available on the issue:

CERT-FI has been following the coordination developments on its statement on the TCP issues:

    * CERT-FI Advisory on the Outpost24 TCP Issues