Upstream information
Description
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 7.1 |
| Vector | AV:N/AC:M/Au:N/C:N/I:N/A:C |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Complete |
Note from the SUSE Security Team
The upstream Linux kernel community does not consider this to be an issue in the kernel. We are not planning to do a code fix for this problem. A full advisory has been posted (linked above). SUSE Bugzilla entries: 432589 [RESOLVED / INVALID], 519126 [RESOLVED / UPSTREAM]SUSE Security Advisories:
- SUSE-SA:2009:047, published Fri, 02 Oct 2009 10:00:00 +0000
SUSE Timeline for this CVE
CVE page created: Tue Jul 9 18:30:38 2013CVE page last modified: Fri Dec 8 16:28:29 2023