On Tue, 2015-04-14 at 21:24 +0100, Ben Hutchings wrote:
> There is a local DoS triggered by use of the TCP Fast Open option,
> specific to Linux stable branches, as a result of an incompletely
> backported bug fix:
>
> https://bugs.debian.org/782515
> http://thread.gmane.org/gmane.linux.network/359588
>
> The 3.16.7-ckt stable branch is definitely affected, and I believe but
> haven't tested that the 3.10, 3.12, 3.13.11-ckt and 3.14 branches are
> also affected.
>
> Please assign a CVE ID for this.

As mitigation, TCP Fast Open can be disabled by setting sysctl
net.ipv4.tcp_fastopen=0. It was disabled by default before Linux 3.13.

Ben.

--
Ben Hutchings
Editing code like this is akin to sticking plasters on the bleeding stump
of a severed limb. - me, 29 June 1999