Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 29 May 2012 13:17:52 +0100
From: John Haxby <>
CC: Marcus Meissner <>
Subject: Re: CVE Request (2002): Linux TCP stack could accept
 invalid TCP flag combinations

On 03/02/12 10:37, Marcus Meissner wrote:
> Hi,
> After a customer query likely coming from erroneous Security Scanner output,
> this issue from 2002 has no CVE id yet as far as I see:
> It describes a problem where firewalls might let some TCP flags combinations
> pass (e.g. all with RST flag set) and the OS (e.g. Linux) stack would in turn
> accept a TCP session it might not have accepted otherwise.
> The protection added in Linux 2.4.20 is checking for the RST (reset) flag
> when a SYN packet is received, which was I think the main attack scenario.
> The relevant part of the 2.4.20 patch is:
> @@ -3667,6 +3693,9 @@
>                 if(th->ack)
>                         return 1;
> +               if(th->rst)
> +                       goto discard;
> +
>                 if(th->syn) {
>                         if(tp->af_specific->conn_request(sk, skb) < 0)
>                                 return 1;
> The check still exists in current mainline git, so the issue is still fixed.
> Ciao, Marcus

I suspect that this actually came from here:

It's entirely possible that there's a typo in the web page because it
talks about TCP+FIN but refers to web pages dealing with the much older

There is actually a SYN+FIN discard fix in the mainline kernel which
would appear to be a DoS ("Denys Fedoryshchenko reported that SYN+FIN
attacks were bringing his linux machines to their limits.") should we
have a CVE for this issue?  (I'll ask in a separate message if so.)


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.