US-CERT Vulnerability Notes Database

Fedora Project Information for VU#222750

Date Notified: 08/12/2004
Date Modified: 04/22/2008 06:34:38 PM
Status Summary: Not Vulnerable

Vendor Statement

CAN-2004-0790: A blind TCP connection reset by sending

The Linux 2.4 and 2.6 kernels have always verified the TCP sequence number on ICMP errors. In addition, Linux kernels will never abort a connection due to a received ICMP packet. All Fedora Core versions are therefore unaffected by this issue.

CAN-2004-0791: A spoofing attack with ICMP type 4 header

The Linux kernel since 2.6.9 and 2.4.28 has included a patch by Dave Miller to ignore ICMP Source Quench messages as recommended by Fernando Gont. Fedora Core 3 shipped with a 2.6.9 kernel which ignores ICMP Source Quench messages. Fedora Core 2 was updated to a 2.6.9 kernel in a November 2004 update and is therefore also unaffected by this issue.

CAN-2004-1060: ICMP path MTU spoofing

Linux 2.4 and 2.6 kernels verify the sequence number on ICMP errors, thus significantly mitigating this issue. This issue can also be mitigated by disabling PMTU discovery if not required (/proc/sys/net/ipv4/ip_no_pmtu_disc).

US-CERT Addendum

Please see http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
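
The two checks the vendor statement relies on, as an added user-space C sketch (not Fedora's or the kernel's own code): an ICMP error is acted on only if the TCP sequence number in the quoted segment lies between the oldest unacknowledged and the next sequence number to send, and Source Quench (type 4) is ignored. The struct, the function names and the sample packet are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define ICMP_DEST_UNREACH  3
#define ICMP_SOURCE_QUENCH 4

/* Hypothetical per-connection send state (names are assumptions). */
struct conn_state { uint32_t snd_una, snd_nxt; };

/* Wrap-safe test for low <= seq <= high in 32-bit sequence space. */
static int seq_between(uint32_t seq, uint32_t low, uint32_t high)
{
    return (uint32_t)(high - low) >= (uint32_t)(seq - low);
}

/* Returns 1 if the ICMP error may be acted on, 0 if it must be ignored.
 * icmp points at the ICMP header; len is the number of bytes available. */
int icmp_error_acceptable(const uint8_t *icmp, size_t len, const struct conn_state *c)
{
    if (len < 8 + 20 + 8) return 0;              /* ICMP hdr + IP hdr + 8 TCP bytes */
    if (icmp[0] == ICMP_SOURCE_QUENCH) return 0; /* ignored, as in 2.6.9 / 2.4.28 and later */
    const uint8_t *ip = icmp + 8;                /* quoted original IP header */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < 8 + ihl + 8) return 0;
    if (ip[9] != 6) return 0;                    /* quoted packet is not TCP */
    const uint8_t *tcp = ip + ihl;               /* bytes 4..7 hold the sequence number */
    uint32_t seq = (uint32_t)tcp[4] << 24 | (uint32_t)tcp[5] << 16 |
                   (uint32_t)tcp[6] << 8 | (uint32_t)tcp[7];
    return seq_between(seq, c->snd_una, c->snd_nxt);
}

/* Builds a constructed ICMP error quoting a TCP segment with sequence number
 * seq, then runs the check against a connection with the given send state. */
int sample_verdict(uint8_t type, uint32_t seq, uint32_t una, uint32_t nxt)
{
    uint8_t pkt[8 + 20 + 8];
    struct conn_state c = { una, nxt };
    memset(pkt, 0, sizeof pkt);
    pkt[0] = type;                               /* ICMP type */
    pkt[8] = 0x45; pkt[8 + 9] = 6;               /* IPv4, IHL 5, protocol TCP */
    pkt[32] = (uint8_t)(seq >> 24); pkt[33] = (uint8_t)(seq >> 16);
    pkt[34] = (uint8_t)(seq >> 8);  pkt[35] = (uint8_t)seq;
    return icmp_error_acceptable(pkt, sizeof pkt, &c);
}
```

A sender that cannot observe the connection has to land inside the small span of unacknowledged data in a 32-bit sequence space, which is why the statement describes the path MTU issue as significantly mitigated rather than eliminated.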


Produced 2008 by US-CERT, a government organization