Part of the Transmission Control Protocol (TCP) allows a receiver to advertise a zero byte window, instructing the sender to maintain the connection but not send additional TCP payload data. The sender should then probe the receiver to check if the receiver is ready to accept data. Narrow interpretation of this part of the specification can create a denial-of-service vulnerability.
By advertising a zero receive window and acknowledging probes, a malicious receiver can cause a sender to consume resources (TCP state, buffers, and application memory), preventing the targeted service or system from handling legitimate connections.
A remote, unauthenticated attacker can cause a denial of service.
The attacker may be able to cause the operating system or network application to be unresponsive for the duration of the attack.
Modifications can be made to TCP implementations, interfaces, operating systems, and network applications; however, any changes should consider the balance between improved resiliency and decreased interoperability.
Generally, any system or product that implements or uses TCP could be affected by this vulnerability, depending on how the product handles resource exhaustion and TCP connections in the persist state. By design, TCP does not inherently defend against denial-of-service attacks based on resource exhaustion.
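For operators who want to see how many connections are held in the persist state and how much send-buffer memory they pin, the following is an added example, not part of the original note or of any vendor's tooling. It assumes a Linux host where `ss -tno` prints a `timer:(persist,...)` field for sockets probing a zero window; the sample lines are constructed and the thresholds are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample modelled on `ss -tno` output (not captured from a real host).
SAMPLE = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 43520 192.0.2.10:80 198.51.100.7:51234 timer:(persist,42sec,0)
ESTAB 0 65160 192.0.2.10:80 198.51.100.7:51235 timer:(persist,1min12sec,0)
ESTAB 0 65160 192.0.2.10:80 198.51.100.7:51236 timer:(persist,58sec,0)
ESTAB 0 0 192.0.2.10:80 203.0.113.5:40022 timer:(keepalive,110min,0)
ESTAB 0 1448 192.0.2.10:80 203.0.113.9:40100 timer:(on,204ms,0)
ESTAB 0 20480 192.0.2.10:80 [2001:db8::15]:49822 timer:(persist,9.5sec,0)
"""

TIMER = re.compile(r"timer:\((\w+),")


def persist_by_peer(ss_text):
    """Return {peer_ip: (connections, queued_bytes)} for sockets in persist."""
    stats = defaultdict(lambda: [0, 0])
    for line in ss_text.splitlines():
        fields = line.split()
        timer = TIMER.search(line)
        # Skip the header, short lines, and sockets whose timer is not persist.
        if len(fields) < 6 or not timer or timer.group(1) != "persist":
            continue
        send_q = int(fields[2])  # bytes queued locally and not yet acknowledged
        if send_q == 0:
            continue  # nothing is pinned by this connection
        # Strip the port; IPv6 peers are printed as [addr]:port.
        peer_ip = fields[4].rsplit(":", 1)[0].strip("[]")
        stats[peer_ip][0] += 1
        stats[peer_ip][1] += send_q
    return {ip: tuple(v) for ip, v in stats.items()}


def flag_peers(ss_text, max_conns=2, max_bytes=128 * 1024):
    """Peers over either hypothetical limit; tune both to the service."""
    return sorted(
        ip for ip, (conns, queued) in persist_by_peer(ss_text).items()
        if conns > max_conns or queued > max_bytes
    )


if __name__ == "__main__":
    for ip, (conns, queued) in persist_by_peer(SAMPLE).items():
        print(f"{ip}: {conns} persist connection(s), {queued} bytes queued")
    print("over limit:", flag_peers(SAMPLE))
```

A single slow but legitimate client can also sit in persist, so the per-peer counts are a starting point for review rather than proof of an attack.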