Bug 529652

Summary: kernel: TCP Persist condition issue
Product: [Other] Security Response Reporter: Eugene Teo (Security Response) <eteo>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: lwang, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-10-19 10:55:33 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Eugene Teo (Security Response) 2009-10-19 10:50:04 UTC 
A denial of service flaw in the way TCP connections are maintained when receiving a zero byte receive window has been discussed. This flaw allows an attacker (the receiver) to consistently advertise a zero byte receive window, instructing the sender to maintain the TCP connection and probe the receiver until the receiver is ready to receive data. This is referred to as the TCP persist condition. This can cause the sender to consume system resources, eventually leading to a denial of service.

For more information, please see our knowledgebase article: http://kbase.redhat.com/faq/docs/DOC-21623