Package: kernel-source-2.6.8.
Version: 2.6.8-15 (not installed)
Severity: important
Tags: security patch
http://www.gont.com.ar/drafts/draft-gont-tcpm-icmp-attacks-03.txt describes
several attacks on TCP through ICMP. One of the described problems affects
kernel 2.6 as well. Patch is attached (it's the upstream patch from Dave
S. Miller from 2.6.9), it applies to 2.6 and 2.4.
Cheers,
Moritz
-- System Information:
Debian Release: 3.0
Architecture: i386
Kernel: Linux anton 2.4.29-univention.1 #1 SMP Thu Jan 27 17:08:46 CET 2005 i686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED]
diff -Naru a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
--- a/net/ipv4/tcp_ipv4.c 2005-04-21 01:04:30 -07:00
+++ b/net/ipv4/tcp_ipv4.c 2005-04-21 01:04:30 -07:00
@@ -1025,11 +1025,7 @@
switch (type) {
case ICMP_SOURCE_QUENCH:
- /* This is deprecated, but if someone generated it,
- * we have no reasons to ignore it.
- */
- if (sk->lock.users == 0)
- tcp_enter_cwr(tp);
+ /* Just silently ignore these. */
goto out;
case ICMP_PARAMETERPROB:
err = EPROTO;
# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
# 2004/09/13 15:57:49-07:00 [EMAIL PROTECTED]
# [TCP]: Just silently ignore ICMP Source Quench messages.
#
# Recommended by draft-gont-tcpm-icmp-attacks-01.txt
#
# Signed-off-by: David S. Miller <[EMAIL PROTECTED]>
#
# net/ipv4/tcp_ipv4.c
# 2004/09/13 15:57:37-07:00 [EMAIL PROTECTED] +1 -5
# [TCP]: Just silently ignore ICMP Source Quench messages.
#
