TCP Response Handling Flaw in IBM OS/400 on iSeries Machines
CVE-2007-3537

Currently unrated

Key Information:

Vendor: IBM
Status: Os 400
Vendor: CVE Published:; 3 July 2007

Summary

IBM OS/400 on iSeries machines is vulnerable due to improper handling of TCP SYN-FIN packets. This flaw allows remote attackers to gather sensitive system information and may enable them to bypass firewall restrictions. Users of OS/400 versions V4R2M0 through V5R3M0 are especially at risk, emphasizing the need for immediate security assessments and updates.

References

http://secunia.com/advisories/25885

third-party-advisoryx_refsource_SECUNIA

http://osvdb.org/37792

vdb-entryx_refsource_OSVDB

http://www-1.ibm.com/support/docview.wss?uid=nas274240528...

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
Jul 3, 2007
Vulnerability Reserved
Jul 3, 2007