08.09.2009
Patch available for vulnerabilities in TCP implementations
Together with several software manufacturers, FICORA's information security unit CERT-FI has been coordinating fixes for vulnerabilities in implementations of the TCP protocol.
The vulnerabilities are related to the implementations of the TCP protocol in several systems and devices. TCP (Transmission Control Protocol) is a protocol used for data transfer in many network applications, such as transferring websites from the server to the browser. The patches released today resolve the vulnerabilities.
The vulnerabilities mainly concern server systems, but can be used against workstations, too. By exploiting the vulnerabilities, an attacker may deny service to the legitimate users of a vulnerable system. A system that has fallen into a denial-of-service state no longer responds to user requests. For example, access to websites maintained by web servers will be denied. In some systems, the operating system must be restarted in order for them to become usable again.
Jack C. Louis and Robert E. Lee from the Swedish network security company Outpost24 reported the TCP vulnerabilities to CERT-FI. During the coordination, which began in August 2008, CERT-FI has contacted more than 60 software manufacturers.
CERT-FI's advisory on vulnerabilities and how to resolve them:
https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html
Further information:
FICORA, CERT-FI, tel. +358 9 6966 510
Erka Koivunen, Head of CERT-FI, tel. +358 50 309 8094
CERT-FI vulnerability coordination, e-mail: vulncoord@ficora.fi