question regarding BSD Security Advisory

From: GCS
Date: Wed Mar 03 2004 - 17:12:19 EST

Next message: Chris Stromsoe: "2.4.23: brief lockup and __alloc_pages: 0-order allocation failed(gfp=0x1f0/0)"
Previous message: viro: "Re: udev versus parallel-port Zip drive"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

I was asked if something like this vulnerability may exists in Linux,
or if is there any precautions for this?
"
Topic: many out-of-sequence TCP packets denial-of-service

I. Background

The Transmission Control Protocol (TCP) of the TCP/IP protocol suite
provides a connection-oriented, reliable, sequence-preserving data
stream service. When network packets making up a TCP stream (``TCP
segments'') are received out-of-sequence, they are maintained in a
reassembly queue by the destination system until they can be re-ordered
and re-assembled.

II. Problem Description

FreeBSD does not limit the number of TCP segments that may be held in a
reassembly queue.

III. Impact

A remote attacker may conduct a low-bandwidth denial-of-service attack
against a machine providing services based on TCP (there are many such
services, including HTTP, SMTP, and FTP). By sending many
out-of-sequence TCP segments, the attacker can cause the target machine
to consume all available memory buffers (``mbufs''), likely leading to
a system crash.
"

Cheers,
GCS
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chris Stromsoe: "2.4.23: brief lockup and __alloc_pages: 0-order allocation failed(gfp=0x1f0/0)"
Previous message: viro: "Re: udev versus parallel-port Zip drive"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]