| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200325082638.60188be0@hermes.lan>
Date: Wed, 25 Mar 2020 08:26:38 -0700
From: Stephen Hemminger <stephen@...workplumber.org>
To: netdev@...r.kernel.org
Subject: Fw: [Bug 206943] New: Forcing IP fragmentation on TCP segments
maliciously
Begin forwarded message:
Date: Wed, 25 Mar 2020 08:37:58 +0000
From: bugzilla-daemon@...zilla.kernel.org
To: stephen@...workplumber.org
Subject: [Bug 206943] New: Forcing IP fragmentation on TCP segments maliciously
https://bugzilla.kernel.org/show_bug.cgi?id=206943
Bug ID: 206943
Summary: Forcing IP fragmentation on TCP segments maliciously
Product: Networking
Version: 2.5
Kernel Version: version 3.9
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: high
Priority: P1
Component: IPV4
Assignee: stephen@...workplumber.org
Reporter: fengxw18@...ls.tsinghua.edu.cn
Regression: No
A forged ICMP "Fragmentation Needed" message embedded with an echo reply data
can be used to defer the feedback of path MTU, thus tricking a Linux-based host
(version 3.9 and higher) into fragmenting TCP segments, even if the host
performs Path MTU discovery (PMTUD). Hence, an off-path attacker can poison the
TCP data via IP fragmentation.
--
You are receiving this mail because:
You are the assignee for the bug.
Powered by blists - more mailing lists