Aug 20, 2022 - 12:54 a.m.

Security Bulletin: Potential DOS due to weak IPv4 and IPv6 sequence numbers in SAN Volume Controller and Storwize Family (CVE-2011-3188)

2022-08-20 00:54:31
www.ibm.com

CVSS3 Score: 9.1 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CVSS2 Score: 6.4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
CVSS2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

EPSS: 0.016 Low
Percentile: 87.1%

Summary

Potential DOS due to weak IPv4 and IPv6 sequence numbers

Vulnerability Details

CVEID: CVE-2011-3188

DESCRIPTION:

The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.

CVE-2011-3188
CVSS Base Score: 5.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/69392 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Affected Products and Versions

IBM SAN Volume Controller
IBM Storwize V7000
IBM Storwize V3700
IBM Storwize V3500
IBM Flex System V7000

All products affected when running a code level below 7.1.0.0.

Remediation/Fixes

Restrict access to the system’s IP interface, for example using a private network or firewall technology. Only users with access to the IP interface can exploit the vulnerability.

Upgrade to 7.1.0.0 or better.

Workarounds and Mitigations

Upgrade to 7.1.0.0 or better.
