Thursday, October 2, 2008

CERT-FI Statement on the Issues...

CERT-FI has come forward with the following statement:
"A TCP weakness presented by Outpost24 has received a great deal of publicity during this week. CERT-FI is coordinating the work regarding this vulnerability with relevant vendors and its discoverers. Work on determining the scope and impact of the vulnerability is currently ongoing, and will be followed by a coordinated process of patching and publication. Additional details about the issue will be published following the guidelines of responsible disclosure.

According to publicly available data, the vulnerability is based on a denial of service on the TCP connection queue of a target host. Public sources also state that the vulnerability can be exploited with relatively small amounts of traffic. Based on our evaluation, the vulnerability can be mitigated by source address level filtering."
We are pleased at the response from the vendor community and are now turning our attention to them with the assistance of the fine team at CERT-FI.

We will be providing updates as solutions are made available.
