Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 24 Feb 2010 08:44:23 +0800
From: Eugene Teo <>
CC: "Steven M. Christey" <>
Subject: kernel: RTO (Retransmission Timeouts) Remote DoS

"Make sure, that TCP has a nonzero RTT estimation after three-way 
handshake. Currently, a listening TCP has a value of 0 for srtt, rttvar 
and rto right after the three-way handshake is completed with TCP 
timestamps disabled. This will lead to corrupt RTO recalculation and 
retransmission flood when RTO is recalculated on backoff reversion as 
introduced in "Revert RTO on ICMP destination unreachable"
(f1ecd5d9e7366609d640ff4040304ea197fbc618). This behaviour can be 
provoked by connecting to a server which "responds first" (like SMTP) 
and rejecting every packet after the handshake with dest-unreachable, 
which will lead to softirq load on the server (up to 30% per socket in 
some tests).

Thanks to Ilpo Jarvinen for providing debug patches and to Denys 
Fedoryshchenko for reporting and testing.

Reported-by: Denys Fedoryshchenko <>"

Just a heads-up. Red Hat is not requesting a CVE name for this as it did 
not affect any of our supported kernels.
Introduced: f1ecd5d9e7366609d640ff4040304ea197fbc618 - v2.6.32-rc1
Upstream commit: 598856407d4e20ebb4de01a91a93d89325924d43

Thanks, Eugene

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.