path: root/ignored/CVE-2008-4609
Candidate: CVE-2008-4609
Description:
 The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft 
 Windows, (4) Cisco products, and probably other operating systems allows remote 
 attackers to cause a denial of service (connection queue exhaustion) via multiple 
 vectors that manipulate information in the TCP state table, as demonstrated by 
 sockstress.
References:
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4609
 http://www.openwall.com/lists/oss-security/2009/09/16/4
 http://www.openwall.com/lists/oss-security/2009/09/16/5
 http://kbase.redhat.com/faq/docs/DOC-18730
 http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf
Ubuntu-Description:
Notes:
 - apparently some fundamental flaws in TCP. Microsoft patched this in versions >XP.
 - lots of speculation but not much definitive. not sure whether it's too big of a deal
 - just denial of service?
 - ignored by Red Hat
Bugs:
upstream: 
linux-2.6: 
2.6.18-etch-security: ignored
2.6.24-etch-security: ignored
2.6.26-lenny-security: ignored ("no upstream fix")
