lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <664d3f4f3a743315903d56a89317c19edada92a2.camel@redhat.com>
Date: Tue, 21 May 2024 10:57:02 +0200
From: Paolo Abeni <pabeni@...hat.com>
To: ye.xingchen@....com.cn, davem@...emloft.net
Cc: edumazet@...gle.com, kuba@...nel.org, corbet@....net,
 dsahern@...nel.org,  ncardwell@...gle.com, soheil@...gle.com,
 haiyangz@...rosoft.com,  lixiaoyan@...gle.com, mfreemon@...udflare.com,
 david.laight@...lab.com,  netdev@...r.kernel.org,
 linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org, 
 fan.yu9@....com.cn, he.peilin@....com.cn, xu.xin16@....com.cn, 
 yang.yang29@....com.cn, yang.guang5@....com.cn, zhang.yunkai@....com.cn
Subject: Re: [PATCH net-next v2] icmp: Add icmp_timestamp_ignore_all to
 control ICMP_TIMESTAMP

On Mon, 2024-05-20 at 16:53 +0800, ye.xingchen@....com.cn wrote:
> From: YeXingchen <ye.xingchen@....com.cn>
> 
> The CVE-1999-0524 vulnerability is associated with ICMP
> timestamp messages, which can be exploited to conduct 
> a denial-of-service (DoS) attack. In the Vulnerability
> Priority Rating (VPR) system, this vulnerability was 
> rated as a medium risk in May of this year.
> Link:https://www.tenable.com/plugins/nessus/10113
> 
> To protect embedded systems that cannot run firewalls
> from attacks exploiting the CVE-1999-0524 vulnerability,
> the icmp_timestamp_ignore_all sysctl is offered as 
> an easy solution, which allows all ICMP timestamp
> messages to be ignored, effectively bypassing the 
> potential exploitation through the CVE-1999-0524 
> vulnerability. It enables these resource-constrained
> systems to disregard all ICMP timestamp messages,
> preventing potential DoS attacks, making it an ideal
> lightweight solution for such environments.
> 
> Signed-off-by: YeXingchen <ye.xingchen@....com.cn>
> Reviewed-by: xu xin <xu.xin16@....com.cn>
> Reviewed-by: zhang yunkai <zhang.yunkai@....com.cn>
> Reviewed-by: Fan Yu <fan.yu9@....com.cn>
> CC: he peilin <he.peilin@....com.cn>
> Cc: Yang Yang <yang.yang29@....com.cn>
> Cc: Yang Guang <yang.guang5@....com.cn>

## Form letter - net-next-closed

The merge window for v6.10 has begun and we have already posted our
pull
request. Therefore net-next is closed for new drivers, features, code
refactoring and optimizations. We are currently accepting bug fixes
only.

Please repost when net-next reopens after May 26th.

RFC patches sent for review only are obviously welcome at any time.

See:
https://www.kernel.org/doc/html/next/process/maintainer-netdev.html#development-cycle

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ