From 7bfe7c70160be8e0a1e7d2de0c4d658a0fcd537e Mon Sep 17 00:00:00 2001
From: Raphael Geissert <geissert@debian.org>
Date: Sat, 19 Dec 2009 21:03:37 +0000
Subject: move tcp design flaw to ignored issues

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1661 e094ebfe-e918-0410-adfb-c712417f3574
---
 ignored/CVE-2008-4609 | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 ignored/CVE-2008-4609

(limited to 'ignored')

diff --git a/ignored/CVE-2008-4609 b/ignored/CVE-2008-4609
new file mode 100644
index 00000000..711146ef
--- /dev/null
+++ b/ignored/CVE-2008-4609
@@ -0,0 +1,25 @@
+Candidate: CVE-2008-4609
+Description:
+ The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft 
+ Windows, (4) Cisco products, and probably other operating systems allows remote 
+ attackers to cause a denial of service (connection queue exhaustion) via multiple 
+ vectors that manipulate information in the TCP state table, as demonstrated by 
+ sockstress.
+References:
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4609
+ http://www.openwall.com/lists/oss-security/2009/09/16/4
+ http://www.openwall.com/lists/oss-security/2009/09/16/5
+ http://kbase.redhat.com/faq/docs/DOC-18730
+ http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf
+Ubuntu-Description:
+Notes:
+ - apparently some fundamental flaws in tcp.  microsoft patched this in versions >xp.
+ - lots of speculation but not much definitive. not sure whether its too big of a deal
+ - just denial-of-services?
+ - ignored by redhat
+Bugs:
+upstream: 
+linux-2.6: 
+2.6.18-etch-security: ignored
+2.6.24-etch-security: ignored
+2.6.26-lenny-security: ignored ("no upstream fix")
-- 
cgit v1.2.3