Package: kernel-source-2.6.8
Version: 2.6.8-15
Severity: important

See http://www.securityfocus.com/bid/13676 for more information. In short, a DoS exists when a machine uses PAWS (Protection Against Wrapped Sequence Numbers).

Quoting from securityfocus:

>The issue manifests if an attacker transmits a sufficient TCP PAWS
>packet to a vulnerable computer. A large value is set by the
>attacker as the packet timestamp. When the target computer processes
>this packet, the internal timer is updated to the large attacker supplied
>value.
>This causes all other valid packets that are received subsequent to an
>attack to be dropped as they are deemed to be too old, or invalid.
>This type of attack will effectively deny service for a target connection.

The securityfocus article doesn't mention Linux as vulnerable; however, RFC1323 is implemented in Linux, and this issue can be enabled/disabled via /proc/sys/net/ipv4/tcp_timestamps.
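
The mechanism quoted above, as a simplified model added here (not code from the original report or from the kernel source). It contrasts a receiver that records a segment's timestamp before validating its sequence number with one that validates first; the struct, function names and sample values are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified per-connection receive state; field names follow RFC 1323 terms. */
struct conn {
    uint32_t ts_recent; /* TS.Recent: newest peer timestamp recorded */
    uint32_t rcv_nxt;   /* next expected sequence number */
    uint32_t rcv_wnd;   /* receive window size in bytes */
};

/* Wrap-safe comparison: true if timestamp a is older than b (mod 2^32). */
static bool ts_before(uint32_t a, uint32_t b) { return (int32_t)(a - b) < 0; }

/* True if seq falls inside [rcv_nxt, rcv_nxt + rcv_wnd). */
static bool seq_in_window(const struct conn *c, uint32_t seq) {
    return (uint32_t)(seq - c->rcv_nxt) < c->rcv_wnd;
}

/* Weak ordering: the timestamp is recorded before the sequence check. */
bool rx_weak(struct conn *c, uint32_t seq, uint32_t tsval) {
    if (ts_before(tsval, c->ts_recent)) return false; /* PAWS: "too old" */
    c->ts_recent = tsval;
    return seq_in_window(c, seq);
}

/* Validating ordering: only an in-window segment may advance TS.Recent. */
bool rx_checked(struct conn *c, uint32_t seq, uint32_t tsval) {
    if (ts_before(tsval, c->ts_recent)) return false;
    if (!seq_in_window(c, seq)) return false;
    c->ts_recent = tsval;
    return true;
}

/* Constructed scenario: a stray segment with a far-future timestamp arrives,
 * then the real peer sends the next in-order segment. Returns whether the
 * real segment is still accepted. */
bool legit_survives(bool (*rx)(struct conn *, uint32_t, uint32_t)) {
    struct conn c = { .ts_recent = 1000, .rcv_nxt = 5000, .rcv_wnd = 1000 };
    rx(&c, 900000u, 1000u + 0x70000000u); /* out of window, huge TSval */
    return rx(&c, 5000u, 1001u);          /* genuine next segment */
}

int main(void) {
    printf("weak: %d, checked: %d\n", legit_survives(rx_weak), legit_survives(rx_checked));
    return 0;
}
```

With the weak ordering the genuine segment is dropped as "too old" because TS.Recent was already moved forward; with the validating ordering TS.Recent is untouched and the segment is accepted.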

