![]() | ![]() |
|
|
Red Hat, Inc. Information for VU#222750
Vendor StatementCAN-2004-0790: A blind TCP connection resetRed Hat Enterprise Linux 2.1 and 3 kernels have always verified the TCP sequence number on ICMP errors. In addition Linux kernels will never abort a connection due to a received ICMP packet. All Red Hat Enterprise Linux versions are therefore unaffected by this issue.
http://rhn.redhat.com/errata/RHSA-2005-016.html http://rhn.redhat.com/errata/RHSA-2005-017.html CAN-2004-1060: ICMP path MTU spoofing Red Hat Enterprise Linux 2.1 and 3 kernels verify the sequence number on ICMP errors, thus significantly mitigating this issue. This issue can also be mitigated by disabling pmtu discovery if not required (/proc/sys/net/ipv4/ip_no_pmtu_disc) US-CERT AddendumPlease see http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
||||||||||||||||||
![]() |
||||||||||||||||||||