Bug#782515: TCP Fast Open local DoS in some Linux stable branches



On Tue, 2015-04-14 at 21:24 +0100, Ben Hutchings wrote:
> There is a local DoS triggered by use of the TCP Fast Open option,
> specific to Linux stable branches, as a result of an incompletely
> backported bug fix:
> 
> https://bugs.debian.org/782515
> http://thread.gmane.org/gmane.linux.network/359588
> 
> The 3.16.7-ckt stable branch is definitely affected, and I believe but
> haven't tested that the 3.10, 3.12, 3.13.11-ckt and 3.14 branches are
> also affected.
> 
> Please assign a CVE ID for this.

As mitigation, TCP Fast Open can be disabled by setting sysctl
net.ipv4.tcp_fastopen=0.  It was disabled by default before Linux 3.13.

Ben.

-- 
Ben Hutchings
Editing code like this is akin to sticking plasters on the bleeding stump
of a severed limb. - me, 29 June 1999
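
One way to check that the mitigation in the message above is in effect now and will survive a reboot, as an added example that is not part of the original message. The function names are hypothetical, the bitmask meaning (0x1 client, 0x2 server) comes from the kernel's ip-sysctl documentation rather than this thread, and the sample configuration is constructed.

```shell
# Added example (helper names hypothetical). tcp_fastopen is a bitmask per the
# kernel's ip-sysctl documentation: 0x1 enables the client, 0x2 the server.
tfo_state() {
    case "$1" in
        ''|*[!0-9]*) echo "invalid"; return 0 ;;
    esac
    if [ "$1" -eq 0 ]; then echo "disabled"; return 0; fi
    c=$(( $1 & 1 )); s=$(( $1 & 2 ))
    if [ "$c" -ne 0 ] && [ "$s" -ne 0 ]; then echo "client+server"
    elif [ "$c" -ne 0 ]; then echo "client"
    elif [ "$s" -ne 0 ]; then echo "server"
    else echo "other-flags"; fi
}

# Print the last value assigned to net.ipv4.tcp_fastopen in sysctl.conf-style
# text on stdin, or "unset". Lines starting with # or ; are comments.
persisted_tfo() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        {
            key = $1; gsub(/[ \t]/, "", key); gsub("/", ".", key)
            if (key == "net.ipv4.tcp_fastopen" && NF >= 2) {
                val = $2; gsub(/[ \t\r]/, "", val); last = val
            }
        }
        END { print (last == "" ? "unset" : last) }
    '
}

# Verdict: "ok" when disabled now and at boot, "runtime-only" when the
# setting will not survive a reboot, "exposed" when TFO is enabled now.
audit_tfo() {
    if [ "$(tfo_state "$1")" != "disabled" ]; then echo "exposed"
    elif [ "$2" = "0" ]; then echo "ok"
    else echo "runtime-only"; fi
}

# Constructed sample: a later line re-enables what an earlier one disabled.
sample='net.ipv4.tcp_fastopen = 0
# local tuning
net/ipv4/tcp_fastopen=3'
echo "sample: $(audit_tfo 0 "$(printf '%s\n' "$sample" | persisted_tfo)")"
# Live check; concatenation order only approximates the real load order.
if [ -r /proc/sys/net/ipv4/tcp_fastopen ]; then
    live=$(cat /proc/sys/net/ipv4/tcp_fastopen)
    conf=$(cat /etc/sysctl.d/*.conf /etc/sysctl.conf 2>/dev/null | persisted_tfo)
    echo "live: runtime=$(tfo_state "$live") persisted=$conf verdict=$(audit_tfo "$live" "$conf")"
fi
```

A verdict of "runtime-only" means the sysctl was set by hand but no configuration file keeps it at 0, so the default returns at the next boot.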
