Mar 29, 2023 - 1:48 a.m.

Security Bulletin: Potential DOS due to weak IPv4 and IPv6 sequence numbers in SAN Volume Controller and Storwize Family (CVE-2011-3188)

2023-03-29 01:48:02
www.ibm.com

CVSS3: 9.1 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CVSS2: 6.4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

EPSS: 0.016 Low
Percentile: 87.1%

Summary

Potential DOS due to weak IPv4 and IPv6 sequence numbers

Vulnerability Details


CVEID: CVE-2011-3188

DESCRIPTION:

The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.

CVE-2011-3188
CVSS Base Score: 5.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/69392 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Affected Products and Versions


IBM SAN Volume Controller
Storwize V7000 for Lenovo
Storwize V5000 for Lenovo
Storwize V3700 for Lenovo
Storwize V3500 for Lenovo

All products affected when running a code level below 7.1.0.0.

Remediation/Fixes


Restrict access to the system’s IP interface, for example using a private network or firewall technology. Only users with access to the IP interface can exploit the vulnerability.
Upgrade to 7.1.0.0 or better.

Workarounds and Mitigations


Upgrade to 7.1.0.0 or better.
