| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240521092502.GB2980@breakpoint.cc> Date: Tue, 21 May 2024 11:25:02 +0200 From: Florian Westphal <fw@...len.de> To: ye.xingchen@....com.cn Cc: davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com, corbet@....net, dsahern@...nel.org, ncardwell@...gle.com, soheil@...gle.com, haiyangz@...rosoft.com, lixiaoyan@...gle.com, mfreemon@...udflare.com, david.laight@...lab.com, netdev@...r.kernel.org, linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org, fan.yu9@....com.cn, he.peilin@....com.cn, xu.xin16@....com.cn, yang.yang29@....com.cn, yang.guang5@....com.cn, zhang.yunkai@....com.cn Subject: Re: [PATCH net-next v2] icmp: Add icmp_timestamp_ignore_all to control ICMP_TIMESTAMP ye.xingchen@....com.cn <ye.xingchen@....com.cn> wrote: > From: YeXingchen <ye.xingchen@....com.cn> > > The CVE-1999-0524 vulnerability is associated with ICMP > timestamp messages, which can be exploited to conduct > a denial-of-service (DoS) attack. In the Vulnerability > Priority Rating (VPR) system, this vulnerability was > rated as a medium risk in May of this year. > Link:https://www.tenable.com/plugins/nessus/10113 Please explain at least one scenario where this is a problem. AFAICS there is none and Linux is not affected by this. > To protect embedded systems that cannot run firewalls > from attacks exploiting the CVE-1999-0524 vulnerability, > the icmp_timestamp_ignore_all sysctl is offered as If there is an actual problem, then this should be on by default or the entire feature should be removed. But I don't think there is a problem in the first place.
Powered by blists - more mailing lists