Does this affect us? The CERT Advisory has "unknown" for all the Linux vendors.
(2) MODERATE: Multiple Vendor TCP Timestamp Vulnerability
Affected: A number of vendors including Cisco and Microsoft. For a list of all the vendors, please refer to the CERT Advisory.
Description: This vulnerability in certain TCP implementations can be exploited to cause a denial of service by forcing either end involved in a TCP connection to drop TCP segments. That will eventually reset the connection. The problem arises due to the way some TCP stacks implement the TCP timestamp option. In order to preserve the TCP performance over high bandwidth, the PAWS and the Timestamp Option were introduced via RFC 1323. PAWS uses the TCP timestamp option to track new TCP segments. The vulnerability arises because some TCP stacks use the TCP timestamp to process further TCP segments without validating the TCP sequence numbers. Hence, an attacker who can guess the IP addresses and port numbers of the ends involved in a TCP connection can inject TCP packets into the connection with crafted timestamp values. This can lead to resetting the connection or corrupting the data transfer between the two ends. The higher-level protocols that use long-lasting TCP sessions such as the Border Gateway Protocol (BGP) are most affected by this vulnerability. Exploit code has been publicly posted.
Status: Cisco has released an advisory and posted updates. Microsoft patch MS05-019 also fixes this vulnerability. For a detailed status on other vendors, please refer to the CERT advisory below.
Council Site Actions: All council sites have either deployed patches or plan to deploy them once they are available from the vendor. One site is still verifying that PAWS and Timestamps are not in use on any of their servers that are vulnerable to this attack. If any are found, the Timestamp/PAWS feature will be disabled. Another site is actively engaging with vendors that have not released patches but are known to use vulnerable platforms. A final site does plan to install the patches but is treating this as a low urgency event since very few of their machines maintain long-duration TCP sessions and thus very few are likely victims of an attack.
References:
CERT Advisory
http://www.kb.cert.org/vuls/id/637934
Cisco Advisory
http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml
Microsoft Announcement
http://www.microsoft.com/technet/security/advisory/899480.mspx
Exploit Code
http://www.frsirt.com/exploits/20050521.tcptimestamps.c.php
RFC 1323 (PAWS and TCP Timestamp Option)
http://www.ietf.org/rfc/rfc1323.txt
SecurityFocus BID
http://www.securityfocus.com/bid/13676
-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
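
The failure mode in the quoted description, as an added example that is not part of the original post and not any vendor's code: a simplified C model of a receiver that records a segment's timestamp without validating its sequence number, beside one that validates first. The struct and function names and all sample values are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Simplified receiver state; field names are illustrative, not from any vendor stack. */
struct conn { uint32_t rcv_nxt, rcv_wnd, ts_recent; };
struct seg  { uint32_t seq, tsval; };

/* Wrap-safe "a is earlier than b" on 32-bit sequence/timestamp space. */
static bool before(uint32_t a, uint32_t b) { return (int32_t)(a - b) < 0; }

static bool in_window(const struct conn *c, const struct seg *s) {
    return !before(s->seq, c->rcv_nxt) && before(s->seq, c->rcv_nxt + c->rcv_wnd);
}

/* Flawed order described in the advisory: the timestamp is trusted and
   recorded without first validating the sequence number. */
bool accept_unchecked(struct conn *c, const struct seg *s) {
    if (before(s->tsval, c->ts_recent)) return false;   /* PAWS drop */
    c->ts_recent = s->tsval;                            /* recorded for any segment */
    return in_window(c, s);
}

/* Hardened order: the sequence number must fall in the receive window
   before the segment's timestamp may update ts_recent. */
bool accept_checked(struct conn *c, const struct seg *s) {
    if (before(s->tsval, c->ts_recent)) return false;   /* PAWS drop */
    if (!in_window(c, s)) return false;                 /* state left untouched */
    c->ts_recent = s->tsval;
    return true;
}

/* Feed one off-window segment carrying a far-future timestamp, then a genuine
   in-window segment; report whether the genuine one is still accepted. */
bool genuine_survives(bool (*accept)(struct conn *, const struct seg *)) {
    struct conn c = { .rcv_nxt = 1000, .rcv_wnd = 8192, .ts_recent = 5000 };
    struct seg stray   = { .seq = 900000, .tsval = 5000 + 0x7000000 }; /* constructed */
    struct seg genuine = { .seq = 1000,   .tsval = 5001 };            /* constructed */
    accept(&c, &stray);
    return accept(&c, &genuine);
}

int main(void) {
    printf("unchecked: genuine accepted = %d\n", genuine_survives(accept_unchecked));
    printf("checked:   genuine accepted = %d\n", genuine_survives(accept_checked));
    return 0;
}
```

In the unchecked model every later genuine segment fails the PAWS comparison until the peer's timestamp clock catches up, which is why long-lived sessions such as BGP are the ones that stall.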