lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <20121226.150917.847023967466840760.davem@davemloft.net> Date: Wed, 26 Dec 2012 15:09:17 -0800 (PST) From: David Miller <davem@...emloft.net> To: eric.dumazet@...il.com Cc: netdev@...r.kernel.org, zhiyunq@...ch.edu, nanditad@...gle.com, ncardwell@...gle.com, john.dykstra1@...il.com Subject: Re: [PATCH] tcp: should drop incoming frames without ACK flag set From: Eric Dumazet <eric.dumazet@...il.com> Date: Wed, 26 Dec 2012 14:44:34 -0800 > [PATCH v2] tcp: should drop incoming frames without ACK flag set > > In commit 96e0bf4b5193d (tcp: Discard segments that ack data not yet > sent) John Dykstra enforced a check against ack sequences. > > In commit 354e4aa391ed5 (tcp: RFC 5961 5.2 Blind Data Injection Attack > Mitigation) I added more safety tests. > > But we missed fact that these tests are not performed if ACK bit is > not set. > > RFC 793 3.9 mandates TCP should drop a frame without ACK flag set. > > " fifth check the ACK field, > if the ACK bit is off drop the segment and return" > > Not doing so permits an attacker to only guess an acceptable sequence > number, evading stronger checks. > > Many thanks to Zhiyun Qian for bringing this issue to our attention. > > See : > http://web.eecs.umich.edu/~zhiyunq/pub/ccs12_TCP_sequence_number_inference.pdf > > Reported-by: Zhiyun Qian <zhiyunq@...ch.edu> > Signed-off-by: Eric Dumazet <edumazet@...gle.com> Applied, thanks Eric. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists