Bug 314381
| Summary: | CVE-NONE kernel syn+fin firewall bypass (VU#464113) | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Mark J. Cox <mjc> |
| Component: | vulnerability | Assignee: | Red Hat Kernel Manager <kernel-mgr> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | eteo, lwang |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2007-10-04 13:29:00 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Mark J. Cox
2007-10-01 18:25:41 UTC
The original report of this issue contains some minor, but basic errors: SYN|data|FIN is a legal frame in T/TCP and arguably in basic TCP as well (although not used for that). Thus you need to write rules that correctly handle SYN|data|FIN packets. The code to handle this in Linux is, as far as our kernel experts can tell, entirely correct. The kernel was changed after the publication of the report to be suspicious of SYN|RST as that isn't a legal packet, but not SYN|FIN as that is a legal packet. We therefore believe that Linux (and hence Red Hat Enterprise Linux) does the correct thing in handling these packets, and that the Nessus test is giving a false positive as this is not a vulnerability. |