Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@ance: Linux kernel, denial of service via RTO

March 2010 by Vigil@nce

SYNTHESIS OF THE VULNERABILITY

When a Linux 2.6.32.x system proposes a TCP service, an attacker can force an error in the computation of the RTO (Retransmission Timeout), which overloads the system.

Severity: 2/4

Consequences: denial of service of computer

Provenance: internet client

Means of attack: 1 attack

Ability of attacker: technician (2/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 23/02/2010

IMPACTED PRODUCTS

- Linux kernel

DESCRIPTION OF THE VULNERABILITY

Since kernel version 2.6.32, the RTO (Retransmission Timeout) computation method changed. This timeout is computed from:
- information in the TCP Timestamp option
- the transit duration of first bytes

However, if the system did not receive a TCP Timestamp option nor data bytes, the RTO is null. When an error occurs, the system thus tries to re-emits its packets in a loop which consumes resources.

When a Linux 2.6.32.x system proposes a TCP service, an attacker can therefore force an error in the computation of the RTO (Retransmission Timeout), which overloads the system.

CHARACTERISTICS

Identifiers: BID-38355, VIGILANCE-VUL-9465

http://vigilance.fr/vulnerability/L...




See previous articles

    

See next articles