| 2006-08-21 11:59:07 |
enyc |
bug |
|
|
added bug |
| 2006-08-31 16:59:16 |
Jeremy Vies |
bug |
|
|
added subscriber Ubuntu Security Team |
| 2006-08-31 16:59:38 |
Jeremy Vies |
bug |
|
|
added subscriber Ubuntu Kernel Network Team |
| 2006-09-08 22:53:37 |
Matt Zimmerman |
procps: status |
Unconfirmed |
Rejected |
|
| 2006-09-08 22:53:37 |
Matt Zimmerman |
procps: statusexplanation |
|
SYN cookies are disabled by default in Ubuntu for the same reason they are disabled by default in the kernel. According to the kernel documentation, use of this option causes the system to violate the TCP standard, and so is only intended to be used to mitigate an attack in progress. |
|
| 2008-09-26 09:09:23 |
enyc |
None: status |
Invalid |
Incomplete |
|
| 2008-09-26 09:09:23 |
enyc |
None: statusexplanation |
SYN cookies are disabled by default in Ubuntu for the same reason they are disabled by default in the kernel. According to the kernel documentation, use of this option causes the system to violate the TCP standard, and so is only intended to be used to mitigate an attack in progress. |
|
|
| 2009-02-09 21:24:29 |
Kees Cook |
None: status |
Incomplete |
Fix Released |
|
| 2009-02-09 21:24:29 |
Kees Cook |
None: title |
Bug #57091 in Ubuntu: "proc/sys/net/ipv4/tcp_syncookies=1 should be seriously considered to permit SYN flood defense..." |
Bug #57091 in procps (Ubuntu): "proc/sys/net/ipv4/tcp_syncookies=1 should be seriously considered to permit SYN flood defense..." |
|
| 2009-02-09 21:24:29 |
Kees Cook |
None: importance |
Undecided |
Medium |
|
| 2009-02-09 21:24:29 |
Kees Cook |
None: bugtargetname |
ubuntu |
procps (Ubuntu) |
|
| 2009-02-09 21:24:29 |
Kees Cook |
None: statusexplanation |
|
procps (1:3.2.7-11ubuntu1) jaunty; urgency=low
* Merge from debian unstable, remaining changes:
- debian/{postinst,rules}: init script to priority 17, remove on upgrade.
- debian/rules (Ubuntu-specific):
- install sysctl files from new sysctl.d directory.
- append debian/sysctl.d/*.conf.$DEB_HOST_ARCH to 10-arch-specific.conf
- debian/sysctl.d (Ubuntu-specific):
- 10-console-messages.conf: stop low-level kernel messages on console.
- 10-network-security.conf: enable "rp_filter" by default.
- 10-process-security.conf: block lower 64k allocations to protect
kernel from NULL deref attacks.
- 10-keyboard.conf.powerpc: mouse button emulation on PowerPC.
* procps-3.2.7/debian/{preinst,postinst,postrm}: drop
sysctl.d/10-tcp-timestamps-workaround.conf again now that we have a
fixed kernel, and make sure it gets removed on upgrade to this version
(LP: #264019, duplicated from 1:3.2.7-9ubuntu2.1).
* debian/sysctl.d/10-network-security.conf: enable SYN-flood protection
by default (LP: #57091).
|
|
| 2009-02-09 21:24:29 |
Kees Cook |
None: assignee |
|
kees |
|
| 2009-02-09 21:24:29 |
Kees Cook |
None: bugtargetdisplayname |
Ubuntu |
procps (Ubuntu) |
|
| 2009-06-27 04:25:20 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/karmic/procps |
|
| 2009-09-25 08:23:13 |
Olaf van der Spek |
bug watch added |
|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520668 |
|
