Re: CVE Request (2002): Linux TCP stack could accept invalid TCP flag combinations
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 03 Feb 2012 09:54:25 -0700
On 02/03/2012 03:37 AM, Marcus Meissner wrote:
After a customer query likely coming from erroneous Security Scanner output,
this issue from 2002 has no CVE id yet as far as I see:
It describes a problem where firewalls might let some TCP flag combinations
pass (e.g. all with RST flag set) and the OS (e.g. Linux) stack would in turn
accept a TCP session it might not have accepted otherwise.
The protection added in Linux 2.4.20 is checking for the RST (reset) flag
when a SYN packet is received, which was, I think, the main attack scenario.
The relevant part of the 2.4.20 patch is:
@@ -3667,6 +3693,9 @@
+ goto discard;
if(tp->af_specific->conn_request(sk, skb) < 0)
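Review bot: the added `goto discard;` appears in this excerpt without the condition that guards it. The header `-3667,6 +3693,9` implies three added lines and only one is visible, so the flag test cannot be checked from what is quoted. Quote the full hunk so a reader can confirm that the drop applies only to a SYN carrying RST and that it runs before `conn_request(sk, skb)` is called. A one-line comment above the check stating why that combination is discarded would also help anyone later auditing this path.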
The check still exists in current mainline git, so the issue is still fixed.
Nice, a cert KB with a picture, never seen that before.
Please use CVE-2002-2438 for this issue.
Kurt Seifried Red Hat Security Response Team (SRT)
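The check discussed in this thread, as an added example that is not part of the original message or the kernel source: a user-space model of the SYN branch of a listening socket, with and without the RST test. The function names, the `rst_check` parameter and the sample flag bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* TCP header flag bits (RFC 793). */
#define TCP_FIN 0x01
#define TCP_SYN 0x02
#define TCP_RST 0x04
#define TCP_PSH 0x08

enum listen_action { LISTEN_DISCARD, LISTEN_CONN_REQUEST };

/* Hypothetical model of the SYN branch of a listening socket.
 * rst_check = 0: behaviour the thread describes as the problem (any SYN
 *                is handed to connection setup).
 * rst_check = 1: behaviour with the added check (SYN with RST is dropped).
 * Segments without SYN are outside this model and reported as discarded. */
enum listen_action listen_syn_branch(uint8_t flags, int rst_check)
{
    if (!(flags & TCP_SYN))
        return LISTEN_DISCARD;
    if (rst_check && (flags & TCP_RST))
        return LISTEN_DISCARD;
    return LISTEN_CONN_REQUEST;
}

/* Count flag bytes that start connection setup only when the check is absent. */
size_t count_blocked_by_check(const uint8_t *flags, size_t n)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (listen_syn_branch(flags[i], 0) == LISTEN_CONN_REQUEST &&
            listen_syn_branch(flags[i], 1) == LISTEN_DISCARD)
            hits++;
    return hits;
}

/* Constructed sample flag bytes, not captured traffic. */
static const uint8_t sample_flags[] = {
    TCP_SYN, TCP_SYN | TCP_RST, TCP_SYN | TCP_RST | TCP_FIN, TCP_RST, TCP_SYN | TCP_PSH
};

int main(void)
{
    size_t n = sizeof sample_flags / sizeof sample_flags[0];
    for (size_t i = 0; i < n; i++)
        printf("flags=0x%02x without_check=%d with_check=%d\n", sample_flags[i],
               listen_syn_branch(sample_flags[i], 0), listen_syn_branch(sample_flags[i], 1));
    printf("blocked only by the check: %zu of %zu\n", count_blocked_by_check(sample_flags, n), n);
    return 0;
}
```

The same predicate can back a regression test or a filter rule review: every flag byte with both SYN and RST set should end in a discard.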