
List:       oss-security
Subject:    [oss-security] kernel: RTO (Retransmission Timeouts) Remote DoS
From:       Eugene Teo <eugeneteo () kernel ! sg>
Date:       2010-02-24 0:44:23
Message-ID: 4B847667.1010108 () kernel ! sg

"Make sure that TCP has a nonzero RTT estimation after three-way 
handshake. Currently, a listening TCP has a value of 0 for srtt, rttvar 
and rto right after the three-way handshake is completed with TCP 
timestamps disabled. This will lead to corrupt RTO recalculation and 
retransmission flood when RTO is recalculated on backoff reversion as 
introduced in "Revert RTO on ICMP destination unreachable"
(f1ecd5d9e7366609d640ff4040304ea197fbc618). This behaviour can be 
provoked by connecting to a server which "responds first" (like SMTP) 
and rejecting every packet after the handshake with dest-unreachable, 
which will lead to softirq load on the server (up to 30% per socket in 
some tests).

Thanks to Ilpo Jarvinen for providing debug patches and to Denys 
Fedoryshchenko for reporting and testing.

Reported-by: Denys Fedoryshchenko <denys@visp.net.lb>"

Just a heads-up. Red Hat is not requesting a CVE name for this as it did 
not affect any of our supported kernels.

http://www.securityfocus.com/bid/38355
https://bugzilla.redhat.com/show_bug.cgi?id=567530
Introduced: f1ecd5d9e7366609d640ff4040304ea197fbc618 - v2.6.32-rc1
Upstream commit: 598856407d4e20ebb4de01a91a93d89325924d43

Thanks, Eugene
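
Added example, not part of the original message and not kernel code: a simplified C model of the arithmetic the commit message describes, where an RTO recomputed from a zero srtt/rttvar stays zero whatever the backoff, so the retransmit timer never waits. The struct, the function names, the 120 s upper clamp and the seeded values are assumptions of this model.

```c
#include <stdint.h>
#include <stdio.h>

#define RTO_MAX_MS 120000u /* upper clamp only; the model has no lower clamp */

/* Simplified RTT estimator state in milliseconds (a model, not kernel code). */
struct rtt_est {
    uint32_t srtt_x8; /* smoothed RTT, stored scaled by 8 */
    uint32_t rttvar;  /* RTT variance term */
};

/* RTO derived from the estimator alone: srtt/8 + rttvar. */
static uint32_t base_rto(const struct rtt_est *e)
{
    return (e->srtt_x8 >> 3) + e->rttvar;
}

/* RTO recomputed on backoff reversion: base RTO shifted by the backoff count. */
static uint32_t reverted_rto(const struct rtt_est *e, unsigned backoff)
{
    uint64_t rto = (uint64_t)base_rto(e) << backoff;
    return rto > RTO_MAX_MS ? RTO_MAX_MS : (uint32_t)rto;
}

/* Count retransmissions in window_ms when each one is answered by a
 * dest-unreachable and the timer is re-armed with the recomputed RTO.
 * 'cap' bounds the loop, since a zero RTO never advances the clock. */
static unsigned retransmits(const struct rtt_est *e, unsigned backoff,
                            uint32_t window_ms, unsigned cap)
{
    uint64_t now = 0;
    unsigned n = 0;
    while (now < window_ms && n < cap) {
        now += reverted_rto(e, backoff);
        n++;
    }
    return n;
}

int main(void)
{
    struct rtt_est zero = {0, 0};        /* state described in the commit message */
    struct rtt_est seeded = {1600, 100}; /* constructed nonzero estimate: 300 ms RTO */
    printf("zero:   rto=%u ms, retransmits in 1 s: %u (cap hit)\n",
           reverted_rto(&zero, 3), retransmits(&zero, 3, 1000, 100000));
    printf("seeded: rto=%u ms, retransmits in 1 s: %u\n",
           reverted_rto(&seeded, 0), retransmits(&seeded, 0, 1000, 100000));
    return 0;
}
```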