Subject: Linux 2.0.38 Security Notice
To: editor@lwn.net, scoop@freshmeat.net, kernel@linuxtoday.com,
Date: Thu, 26 Aug 1999 16:40:46 +0100 (BST)
From: Alan Cox <alan@lxorguk.ukuu.org.uk>

Linux 2.0.3x TCP vulnerability

There is a remote network DoS vulnerability in all Linux 2.0.x systems.
Linux 2.2.x is not affected by this bug.

Causing this requires a great deal of skill and probably reasonably local
network access, as it is extremely timing dependent. As far as we know the
exploit is not known in the cracker community. Details of the exploit will
be released in about 4-6 weeks' time, assuming someone bright doesn't figure
it out first.

The bug was found by Erik Nygren at MIT, who also provided a fix.

We have also taken the opportunity to fix two other tiny bugs. The first is
a case where the TCP stack read data freed momentarily before. The worst it
could do was miss an ack as far as we can tell.

If you selected custom memory sizes then the segment limit setup was
configured wrongly and opened potential holes. This bug was found and fixed
by Solar Designer. If you chose the standard memory configurations for 1Gb
and 2Gb then you are not vulnerable to the segment limit error.

2.0.38 fixes only these bugs. There are no other changes in this patch. The
patch should also apply to variant 2.0.3x trees for other platforms.