Message-ID: <b0505775-913f-79d2-fac8-d81184233a05@gmail.com>
Date:   Wed, 25 Mar 2020 08:58:02 -0700
From:   Eric Dumazet <eric.dumazet@...il.com>
To:     Stephen Hemminger <stephen@...workplumber.org>,
        netdev@...r.kernel.org, fengxw18@...ls.tsinghua.edu.cn
Subject: Re: Fw: [Bug 206943] New: Forcing IP fragmentation on TCP segments
 maliciously



On 3/25/20 8:26 AM, Stephen Hemminger wrote:
> 
> 
> Begin forwarded message:
> 
> Date: Wed, 25 Mar 2020 08:37:58 +0000
> From: bugzilla-daemon@...zilla.kernel.org
> To: stephen@...workplumber.org
> Subject: [Bug 206943] New: Forcing IP fragmentation on TCP segments maliciously
> 
> 
> https://bugzilla.kernel.org/show_bug.cgi?id=206943
> 
>             Bug ID: 206943
>            Summary: Forcing IP fragmentation on TCP segments maliciously
>            Product: Networking
>            Version: 2.5
>     Kernel Version: version 3.9
>           Hardware: All
>                 OS: Linux
>               Tree: Mainline
>             Status: NEW
>           Severity: high
>           Priority: P1
>          Component: IPV4
>           Assignee: stephen@...workplumber.org
>           Reporter: fengxw18@...ls.tsinghua.edu.cn
>         Regression: No
> 
> A forged ICMP "Fragmentation Needed" message embedded with an echo reply data
> can be used to defer the feedback of path MTU, thus tricking a Linux-based host
> (version 3.9 and higher) into fragmenting TCP segments, even if the host
> performs Path MTU discovery (PMTUD). Hence, an off-path attacker can poison the
> TCP data via IP fragmentation.


Usually, researchers finding stuff like that start a private communication
with involved parties.

Please send us the thesis or the details so that we can assess if the bug is critical
or not, considering the troubled time we live in.

Thanks.
