Bugzilla – Bug 895845
VUL-0: CVE-2005-0356: kernel: multi vendor TCP timestamp injection issue VU#637934
Last modified: 2014-09-09 15:31:37 UTC
old CVE

Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.

http://www.kb.cert.org/vuls/id/637934

https://www.mail-archive.com/netdev@vger.kernel.org/msg60430.html

Andi Kleen
Wed, 30 Jan 2008 01:00:04 -0800

We've recently had a long discussion about the CVE-2005-0356 time stamp denial-of-service attack. It turned out that Linux is only vulnerable to this problem when tcp_tw_recycle is enabled (which it is not by default).

In general these two options are not really usable in today's internet because they make the (often false) assumption that a single IP address has a single TCP time stamp / PAWS clock. This assumption breaks both NAT/masquerading and also opens Linux to denial of service attacks (see the CVE description).

Also: http://www.kb.cert.org/vuls/id/JGEI-6ABPN4

Netfilter Information for VU#637934
TCP does not adequately validate segments before updating timestamp value

Date Notified: 09 Mar 2005
Statement Date:
Date Updated: 17 Mar 2005
Status: Not Affected

Vendor Statement
The Linux Kernel implements a check "(B')" as specified in the document. Therefore, the Linux Kernel TCP implementation is not vulnerable.
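
A simplified model of the failure the quoted message describes, added here as an illustration and not taken from the kernel or from this bug report: a receiver that keeps one timestamp per source IP address drops a second host behind the same NAT address, and drops the real peer after a single segment with a large timer value. The cache layout, the function name `per_ip_paws_accept` and the sample address and timestamp values are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model (an assumption for illustration, not kernel code):
 * the receiver remembers one TCP timestamp per source IP address. */
#define MAX_PEERS 16

struct peer_ts {
    uint32_t ip;        /* source address as seen by the server */
    uint32_t ts_recent; /* newest TSval accepted from that address */
    int used;
};

static struct peer_ts cache[MAX_PEERS];

/* PAWS-style test keyed on the IP address alone.
 * Returns 1 if the segment is accepted, 0 if it is dropped as too old. */
int per_ip_paws_accept(uint32_t ip, uint32_t tsval)
{
    struct peer_ts *slot = NULL;
    for (int i = 0; i < MAX_PEERS; i++) {
        if (cache[i].used && cache[i].ip == ip) {
            /* Timestamps wrap, so compare modulo 2^32. */
            if ((int32_t)(tsval - cache[i].ts_recent) < 0)
                return 0;
            cache[i].ts_recent = tsval;
            return 1;
        }
        if (!cache[i].used && !slot)
            slot = &cache[i];
    }
    if (slot) { /* first segment from this address: remember it */
        slot->ip = ip;
        slot->ts_recent = tsval;
        slot->used = 1;
    }
    return 1;
}

int main(void)
{
    uint32_t nat = 0xC6336401u; /* 198.51.100.1, constructed address */
    /* Two hosts behind one NAT address, each with its own clock. */
    printf("host A ts=900000 -> %d\n", per_ip_paws_accept(nat, 900000u));
    printf("host B ts=1200   -> %d\n", per_ip_paws_accept(nat, 1200u));
    /* One segment with a large timer value, then host A again. */
    printf("large ts         -> %d\n", per_ip_paws_accept(nat, 900000u + 0x7fffff00u));
    printf("host A ts=900100 -> %d\n", per_ip_paws_accept(nat, 900100u));
    return 0;
}
```

In the model, the dropped results disappear once the remembered timestamp is keyed per connection rather than per address, which is why the message calls the per-IP assumption unusable behind NAT.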