Linux Kernel TCP_Input.C Remote Denial of Service Vulnerability

info
discussion
exploit
solution
references

Linux Kernel TCP_Input.C Remote Denial of Service Vulnerability

The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to adequately sanitize specially crafted ACK responses.

Attackers can exploit this issue to cause a NULL-pointer dereference and crash the kernel.

Linux kernel versions prior to 2.6.23.8 as well as 2.6.24-rc1 and 2.6.24-rc1 are vulnerable.