Title: HP Path MTU Discovery DoS Vulnerability
Severity: MODERATE
Description:
A potential denial of service exists in Hewlett-Packard's proprietary protocol for discovering the maximum path MTU (PMTU) for a given connection. This feature could potentially be used to cause a denial of service, using HP-UX machines as "amplifiers." Essentially, vulnerable HP machines can, under certain conditions, be coerced into sending far more data outbound than they receive inbound. By forging source addresses, it is possible to send a small quantity of packets purporting to be from a given source and cause the HP-UX machine to send multiple packets in response. This could potentially be used as a denial of service.
HP's proprietary path discovery protocol works by sending data in parallel with the ICMP packets used for path discovery. While exact details of the nature of the denial of service were not made public, it could presumably be possible to use UDP packets and default UDP services to start the chain of events leading to a denial of service.
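The amplification described above can be watched for in flow data. The following is an added example, not part of the original advisory or any HP tooling: it flags peers to which a monitored host sends several times more bytes than it receives, with ICMP among the outbound traffic. The flow records, addresses, byte counts and the 3x threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records (not real traffic): (src, dst, protocol, bytes).
# 192.0.2.10 stands in for a monitored HP-UX host; other addresses are peers.
FLOWS = [
    ("198.51.100.7", "192.0.2.10", "udp", 60),     # small request, source may be forged
    ("192.0.2.10", "198.51.100.7", "udp", 1400),   # data sent in reply
    ("192.0.2.10", "198.51.100.7", "icmp", 1500),  # ICMP sent in parallel with the data
    ("192.0.2.10", "198.51.100.7", "icmp", 1500),
    ("203.0.113.5", "192.0.2.10", "udp", 400),     # ordinary exchange
    ("192.0.2.10", "203.0.113.5", "udp", 420),
]


def amplification_report(flows, host, min_ratio=3.0):
    """Return {peer: ratio} for peers to which `host` sent at least
    `min_ratio` times the bytes it received, with ICMP among the replies."""
    inbound = defaultdict(int)
    outbound = defaultdict(int)
    icmp_out = defaultdict(int)
    for src, dst, proto, size in flows:
        if dst == host:
            inbound[src] += size
        elif src == host:
            outbound[dst] += size
            if proto == "icmp":
                icmp_out[dst] += size
    flagged = {}
    for peer, sent in outbound.items():
        received = inbound.get(peer, 0)
        if received == 0 or icmp_out[peer] == 0:
            continue  # unsolicited traffic or no ICMP: outside this check
        ratio = sent / received
        if ratio >= min_ratio:
            flagged[peer] = round(ratio, 1)
    return flagged


if __name__ == "__main__":
    for peer, ratio in amplification_report(FLOWS, "192.0.2.10").items():
        print(f"{peer}: outbound/inbound byte ratio {ratio}")
```

Because the triggering source address may be forged, a flagged peer is the likely recipient of the unwanted traffic rather than its origin.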
Affected Products:
- HP HP-UX 10.30.0
- HP HP-UX 11.0.0