DescriptionThe TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
|National Vulnerability Database|
Note from the SUSE Security TeamThe upstream Linux kernel community does not consider this to be an issue in the kernel. We are not planning to do a code fix for this problem. A full advisory has been posted (linked above). SUSE Bugzilla entries: 432589 [RESOLVED / INVALID], 519126 [RESOLVED / UPSTREAM] SUSE Security Advisories:
- SUSE-SA:2009:047, published Fri, 02 Oct 2009 10:00:00 +0000