• David S. Miller's avatar
    [NET]: Fix hashing exploits in ipv4 routing, IP conntrack, and TCP synq. · 8b1309d9
    David S. Miller authored
    Several hash table implementations in the networking were
    remotely exploitable.  Remote attackers could launch attacks
    whereby, using carefully choosen forged source addresses, make
    every routing cache entry get hashed into the same hash chain.
    
    Netfilter's IP conntrack module and the TCP syn-queue implementation
    had identical vulnerabilities and have been fixed too.
    
    The choosen solution to the problem involved using Bob's Jenkins
    hash along with a randomly choosen input.  For the ipv4 routing
    cache we take things one step further and periodically choose a
    new random secret.  By default this happens every 10 minutes, but
    this is configurable by the user via sysctl knobs.
    8b1309d9
tcp_ipv6.c 53 KB