Fixes are available
APAR status
Closed as fixed if next.
Error description
The implementation of IPv4 and IPv6 networking used in DataPower generates TCP initial sequence numbers with only lower 24 bits being random when establishing a TCP connection. That makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack unsecured network sessions by predicting these values and sending crafted packets. This problem is also known as CVE-2011-3188.
Local fix
Problem summary
The implementation of IPv4 and IPv6 networking used in DataPower generates TCP initial sequence numbers with only lower 24 bits being random when establishing a TCP connection. That makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack unsecured network sessions by predicting these values and sending crafted packets. This problem is also known as CVE-2011-3188.
Problem conclusion
Temporary fix
(none)
Comments
APAR Information
APAR number
IC98898
Reported component name
DATAPOWER
Reported component ID
DP1234567
Reported release
500
Status
CLOSED FIN
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2014-01-22
Closed date
2014-01-23
Last modified date
2014-01-23
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
R601 PSN
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS9H2Y","label":"IBM DataPower Gateway"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.0.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
11 February 2022