Bug 843129 - RFE kernel: net: mitigate blind reset attacks using RST and SYN bits
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.9
Hardware: All Linux
Priority: high  Severity: high
Target Milestone: rc
Target Release: ---
Assigned To: Red Hat Kernel Manager
QA Contact: Red Hat Kernel QE team
Keywords: FutureFeature, Security
Depends On: 843126 843130
Blocks:
Reported: 2012-07-25 12:22 EDT by Petr Matousek
Modified: 2012-10-30 10:14 EDT

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: 843126
Environment:
Last Closed: 2012-10-30 10:14:56 EDT
Type: Bug


Description Petr Matousek 2012-07-25 12:22:32 EDT
+++ This bug was initially created as a clone of Bug #843126 +++

Description of problem:

RHEL is prone to blind reset attacks.
Blind reset attacks together with mitigations are described in RFC 5691.
Please backport the Linux kernel upstream fixes below.

Upstream fixes
--------------

Implement the RFC 5691 mitigation against Blind
Reset attack using RST bit.

Upstream Linux kernel commit:
282f23c6ee343126156dd41218b22ece96d747e3 RFC 5961 3.2 Mitigation

Implement the RFC 5691 mitigation against Blind
Reset attack using SYN bit.

Upstream Linux kernel commit:
0c24604b68fc7810d429d6c3657b6f148270e528 RFC 5961 4.2 Mitigation

Followup of commit 0c24604b68fc (tcp: implement RFC 5961 4.2)

Upstream Linux kernel commit:
e371589917011efe6ff8c7dfb4e9e81934ac5855 0c24604b68fc follow up
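
The decision logic that RFC 5961 sections 3.2 and 4.2 (the sections named in the commit titles above) specify for RST and SYN segments on a synchronized connection, next to the RFC 793 behaviour they replace. This is an added example, not code from this bug report or from the upstream commits; all type and function names are hypothetical and the sample sequence numbers are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration (hypothetical names, not kernel code): how a segment
 * with RST or SYN set is handled on a connection in a synchronized state. */
enum verdict { V_DROP, V_SEND_ACK, V_RESET };  /* V_SEND_ACK: drop + ACK */
enum policy  { POLICY_RFC793, POLICY_RFC5961 };

/* Wrap-safe test for rcv_nxt <= seq < rcv_nxt + rcv_wnd (mod 2^32). */
static bool in_window(uint32_t seq, uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    return (uint32_t)(seq - rcv_nxt) < rcv_wnd;
}

enum verdict rst_verdict(enum policy p, uint32_t seq,
                         uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    if (seq == rcv_nxt)
        return V_RESET;          /* exact match; also holds at zero window */
    if (!in_window(seq, rcv_nxt, rcv_wnd))
        return V_DROP;           /* out of window: silently discard */
    /* In window but not exact: RFC 793 resets, RFC 5961 3.2 sends a
     * challenge ACK and keeps the connection. */
    return p == POLICY_RFC5961 ? V_SEND_ACK : V_RESET;
}

enum verdict syn_verdict(enum policy p, uint32_t seq,
                         uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    if (p == POLICY_RFC5961)
        return V_SEND_ACK;       /* 4.2: challenge ACK for any sequence number */
    /* RFC 793: an in-window SYN is an error that resets the connection. */
    return in_window(seq, rcv_nxt, rcv_wnd) ? V_RESET : V_SEND_ACK;
}

int main(void)
{
    /* Constructed state: the receive window wraps past 2^32. */
    const uint32_t nxt = 0xFFFFFF00u, wnd = 0x200u;
    const uint32_t seqs[] = { 0xFFFFFF00u, 0x00000050u, 0x00000100u };
    static const char *name[] = { "drop", "ack", "reset" };
    for (size_t i = 0; i < sizeof seqs / sizeof seqs[0]; i++)
        printf("seq=%08x rst 793=%s 5961=%s\n", (unsigned)seqs[i],
               name[rst_verdict(POLICY_RFC793, seqs[i], nxt, wnd)],
               name[rst_verdict(POLICY_RFC5961, seqs[i], nxt, wnd)]);
    return 0;
}
```
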
Comment 2 Libor Miksik 2012-10-25 08:30:52 EDT
Thank you for submitting this issue for consideration. Red Hat Enterprise Linux 5 has reached the end of Production 1 Phase of its Life Cycle. Red Hat does not plan to incorporate the suggested capability in a future Red Hat Enterprise Linux 5 minor release. If you would like Red Hat to re-consider this feature request and the requested functionality is not currently in Red Hat Enterprise Linux 6, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue.
