Date: Wed, 30 May 2012 20:25:23 +0200
From: Florian Weimer <fw@...eb.enyo.de>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request -- kernel: tcp: drop SYN+FIN messages

* John Haxby:

> Recently we have a couple of queries relating to a Nessus "TCP/IP
> SYN+FIN Packet Filtering Weakness".   This has not been helped by the
> fact that [1] actually points (indirectly) to CVE-2002-2438 which is
> actually a SYN+RST problem.

Reading the discussion here,

  <http://comments.gmane.org/gmane.linux.network/213981>

it seems to me that this is just a performance optimization which
could be bypassed by using different flags, so I don't think there's a
vulnerability or fix here, except the general lack of source IP
address validation in IP networks.
