Configuration in Linux kernel - CVE-2008-4609

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.

How to mitigate CVE-2008-4609

Sources

• http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html
• http://www.outpost24.com/news/news-2008-10-02.html
• http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html
• http://blog.robertlee.name/2008/10/conjecture-speculation.html
• https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html
• http://insecure.org/stf/tcp-dos-attack-explained.html
• http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked
• http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml
• http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf
• http://www.us-cert.gov/cas/techalerts/TA09-251A.html
• http://marc.info/?l=bugtraq&m=125856010926699&w=2
• http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
• http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6340
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048