oss-sec mailing list archives
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages
From: Florian Weimer <fw () deneb enyo de>
Date: Wed, 30 May 2012 20:25:23 +0200
* John Haxby:
Recently we have a couple of queries relating to a Nessus "TCP/IP SYN+FIN Packet Filtering Weakness". This has not been helped by the fact that [1] actually points (indrectly) to CVE-2002-2438 which is actually a SYN+RST problem.
Reading the discussion here, <http://comments.gmane.org/gmane.linux.network/213981> it seems to me that this is just a performance optimization which could be bypassed by using different flags, so I don't think there's a vulnerability or fix here, except the general lack of source IP address validation in IP networks.
Current thread:
- CVE Request -- kernel: tcp: drop SYN+FIN messages John Haxby (May 30)
- Re: CVE Request -- kernel: tcp: drop SYN+FIN messages John Haxby (May 30)
- Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Florian Weimer (May 30)
- Re: CVE Request -- kernel: tcp: drop SYN+FIN messages John Haxby (May 30)
- Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Kurt Seifried (May 30)
- Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Kurt Seifried (May 30)
- Re: CVE Request -- kernel: tcp: drop SYN+FIN messages John Haxby (May 30)
- Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Kurt Seifried (May 30)
- Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Kurt Seifried (May 31)
- Re: CVE Request -- kernel: tcp: drop SYN+FIN messages John Haxby (Jun 01)
- Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Kurt Seifried (Jun 01)
- Re: CVE Request -- kernel: tcp: drop SYN+FIN messages John Haxby (Jun 01)
- Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Kurt Seifried (Jun 01)
- Re: CVE Request -- kernel: tcp: drop SYN+FIN messages John Haxby (Jun 07)
- Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Kurt Seifried (May 31)