Date: Wed, 24 Feb 2010 08:44:23 +0800 From: Eugene Teo <eugeneteo@...nel.sg> To: oss-security@...ts.openwall.com CC: "Steven M. Christey" <coley@...us.mitre.org> Subject: kernel: RTO (Retransmission Timeouts) Remote DoS "Make sure, that TCP has a nonzero RTT estimation after three-way handshake. Currently, a listening TCP has a value of 0 for srtt, rttvar and rto right after the three-way handshake is completed with TCP timestamps disabled. This will lead to corrupt RTO recalculation and retransmission flood when RTO is recalculated on backoff reversion as introduced in "Revert RTO on ICMP destination unreachable" (f1ecd5d9e7366609d640ff4040304ea197fbc618). This behaviour can be provoked by connecting to a server which "responds first" (like SMTP) and rejecting every packet after the handshake with dest-unreachable, which will lead to softirq load on the server (up to 30% per socket in some tests). Thanks to Ilpo Jarvinen for providing debug patches and to Denys Fedoryshchenko for reporting and testing. Reported-by: Denys Fedoryshchenko <denys@...p.net.lb>" Just a heads-up. Red Hat is not requesting a CVE name for this as it did not affect any of our supported kernels. http://www.securityfocus.com/bid/38355 https://bugzilla.redhat.com/show_bug.cgi?id=567530 Introduced: f1ecd5d9e7366609d640ff4040304ea197fbc618 - v2.6.32-rc1 Upstream commit: 598856407d4e20ebb4de01a91a93d89325924d43 Thanks, Eugene
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.