Alan Cox
writes:
Linux 2.0.3x TCP vulnerability
There is a remote network DoS vulnerability in all Linux 2.0.x
systems. Linux 2.2.x is not affected by this bug.
Causing this requires a great deal of skill and probably a
reasonably local network access as it is extremely timing
dependant. As far as we know the exploit is not known in the
cracker community. Details of the exploit will be released in about
4-6 weeks time assuming someone bright doesn’t figure it out
first.
The bug was found by Erik Nygren at MIT, who also provided a
fix. We have also taken the opportunity to fix two other tiny
bugs.
The first is a case where the TCP stack read data freed
momentarily before. The worst it could do was miss an ack as far as
we can tell.
If you selected custom memory sizes then the segment limit setup
was configured wrongly and opened potential holes. This bug was
found and fixed by Solar Designer. If you chose the standard memory
configurations for 1Gb and 2Gb then you are not vulnerable the
segment limit error.
2.0.38 fixes only these bugs. There are no other changes in this
patch. The patch should also apply to variant 2.0.3x trees for
other platforms.