Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 618814 (CVE-2017-5972)

Summary: sys-kernel/gentoo-sources: Unspecified vulnerability (CVE-2017-5972)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: KernelAssignee: Gentoo Kernel Security <security-kernel>
Status: RESOLVED OBSOLETE    
Severity: normal CC: kernel, security-kernel
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2017-05-18 06:07:19 UTC
CVE-2017-5972 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5972):
  The TCP stack in the Linux kernel 3.x does not properly implement a SYN
  cookie protection mechanism for the case of a fast network connection, which
  allows remote attackers to cause a denial of service (CPU consumption) by
  sending many TCP SYN packets, as demonstrated by an attack against the
  kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties have been
  unable to discern any relationship between the GitHub Engineering finding
  and the Trigemini.c attack code.
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-03-11 00:54:30 UTC
gentoo-sources-3.x no longer in portage tree. Marking as OBSOLETE