The Third Party Vulnerability Resolution Blog covers CVEs and patches in the Systems product suite.

Sun Alert 102206 Solaris Hosts are Vulnerable to a Denial of Service Induced by an Internet Transmission Control Protocol (TCP) "ACK Storm"

Guest Author
Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System

A remote privileged user may create a TCP (tcp(7p)) "ACK storm" or "ACK flood" which can cause a networked system to run out of resources, creating a Denial of Service (DoS) condition.

A TCP "ACK storm" can occur when a networked system sends a TCP packet which contains an incorrect sequence number to another networked system. The remote system replies with a TCP ACK packet containing the expected sequence number, and the originating system then sends another packet with the incorrect sequence number. This exchange of ACK packets continues back and forth indefinitely, creating an "ACK storm".

This is the expected behavior of the Internet Transmission Control Protocol (TCP). The TCP specification is described in RFC 793 at:

The patches listed in Section Two below limit the number of replies a Solaris system will make to a TCP packet with an incorrect sequence number and thus protect against an "ACK storm".
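The loop described above, and the effect of capping replies, can be reproduced with a small state model. This is an added example, not Sun's patch code: the `Endpoint` class, the `reply_limit` counter and the sequence numbers are constructed assumptions, and acceptability is simplified to an exact match on the expected sequence number rather than a receive window.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class Endpoint:
    name: str
    snd_nxt: int                       # sequence number this side puts in its segments
    rcv_nxt: int                       # sequence number this side expects from the peer
    reply_limit: Optional[int] = None  # hypothetical cap on ACK replies; None = unlimited
    replies_sent: int = 0

    def receive(self, seq: int) -> Optional[Tuple[int, int]]:
        """Handle an empty segment; return the (seq, ack) of the ACK sent back, if any."""
        if seq == self.rcv_nxt:
            return None                # in sequence: nothing to correct, no reply
        if self.reply_limit is not None and self.replies_sent >= self.reply_limit:
            return None                # cap reached: drop silently, the storm dies out
        self.replies_sent += 1
        return (self.snd_nxt, self.rcv_nxt)  # ACK carrying the expected sequence number

def simulate(a: Endpoint, b: Endpoint, max_segments: int = 1000) -> int:
    """A sends one segment to B; count segments on the wire until both sides go quiet."""
    seq, receiver, other = a.snd_nxt, b, a
    count = 1                          # the initial segment from A
    while count < max_segments:        # safety stop for the unbounded case
        reply = receiver.receive(seq)
        if reply is None:
            break
        seq = reply[0]                 # the ACK's own sequence number goes back to the peer
        count += 1
        receiver, other = other, receiver
    return count

def desynced_pair(limit: Optional[int] = None) -> Tuple[Endpoint, Endpoint]:
    """Constructed sample state: neither side's snd_nxt matches the peer's rcv_nxt."""
    a = Endpoint("A", snd_nxt=1000, rcv_nxt=2000)
    b = Endpoint("B", snd_nxt=9000, rcv_nxt=5000, reply_limit=limit)
    return a, b

if __name__ == "__main__":
    print("no cap on B:      ", simulate(*desynced_pair()), "segments (hit safety stop)")
    print("B capped at 3 ACKs:", simulate(*desynced_pair(limit=3)), "segments")
```

Capping only one side is enough to end the exchange, because each ACK in the loop is triggered by the peer's previous one.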

Avoidance: Patch
State: Resolved
First released: 26-Jul-2006
