Madrid, April 21, 2004 - US-CERT/CC has published, at
http://www.us-cert.gov/cas/techalerts/TA04-111A.html, an advisory about a
vulnerability in TCP that could allow a malicious user to carry out denial
of service attacks.
This is a serious problem, as multiple implementations of the BGP (Border
Gateway Protocol) rely on TCP to maintain permanent unauthenticated network
sessions. Therefore, the vulnerability detected could allow remote attackers
to terminate network sessions.
Although BGP (designed to exchange information between routers and other
devices) has been identified as vulnerable, the problem could affect any
other protocol or service that relies on persistent TCP connections.
Some manufacturers, such as Cisco (*), have already published advisories
about the impact of this vulnerability on their systems.
As a workaround, it is recommended that users implement and use
cryptographically secure protocols. Similarly, users are advised to keep
informed about the updates published by the manufacturers of affected
(*) The advisories published by Cisco are available at:
Internet Explorer Object Element Data Denial Of Service Vulnerability
A denial of service vulnerability has been reported in Microsoft Internet Explorer. This condition may occur when a malicious web page specifies an Object element with a data property that has a value of "?" or "#" in addition to specifying a type property that refers to an image type. The vulnerability will reportedly cause the browser to crash