9 строки
779 B
Plaintext
9 строки
779 B
Plaintext
|
# CVE-2007-0086 has been disputed to be an actual vulnerability. Official Red Hat statement from 1st of November 2007:
|
||
|
|
||
|
"Red Hat does not consider this issue to be a security vulnerability. The pottential attacker has to send acknowledgement
|
||
|
packets periodically to make server generate traffic. Exactly the same effect could be achieved by simply downloading the file.
|
||
|
The statement that setting the TCP window size to arbitrarily high value would permit the attacker to disconnect and stop
|
||
|
sending ACKs is false, because Red Hat Enterprise Linux limits the size of the TCP send buffer to 4MB by default."
|
||
|
|
||
|
In case of CBL-Mariner the default max TCP send buffer size is set to 4 MBs as well.
|
||
|
The configuration is available under '/proc/sys/net/ipv4/tcp_wmem'.
|