Problem Description:
While processing acknowledgements, the RACK code uses
several linked lists to maintain state entries. A malicious
attacker can cause the lists to grow unbounded. This can
cause an expensive list traversal on every packet being
processed, leading to resource exhaustion and a denial of
service.
Impact:
An attacker with the ability to send specially crafted
TCP traffic to a victim system can degrade network performance
and/or consume excessive CPU, at relatively small bandwidth
cost, by exploiting the inefficiency of traversing the
potentially very large RACK linked lists.
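
Added example (not FreeBSD or RACK code): a toy model of the cost
described above, where every packet walks a per-connection list
that also grows by one entry per packet. The struct and function
names, the constructed packet sequence, and the per-connection
entry cap are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical state entry and connection; not the RACK structures. */
struct entry { unsigned seq; struct entry *next; };
struct conn {
    struct entry *head;
    size_t len;           /* entries currently tracked */
    size_t limit;         /* assumed cap; 0 = no cap (unbounded case) */
    unsigned long steps;  /* list nodes visited so far */
};

/* One packet: walk the whole list, then append an entry if allowed. */
static int conn_packet(struct conn *c, unsigned seq)
{
    struct entry **pp = &c->head;
    for (; *pp != NULL; pp = &(*pp)->next)
        c->steps++;                /* per-packet traversal cost */
    if (c->limit != 0 && c->len >= c->limit)
        return -1;                 /* cap reached: track nothing new */
    struct entry *e = malloc(sizeof *e);
    if (e == NULL)
        return -1;
    e->seq = seq; e->next = NULL;
    *pp = e; c->len++;
    return 0;
}

/* Feed n constructed packets; return nodes visited, report final length. */
unsigned long simulate(size_t n, size_t limit, size_t *len_out)
{
    struct conn c = { NULL, 0, limit, 0 };
    for (size_t i = 0; i < n; i++)
        (void)conn_packet(&c, (unsigned)i);
    *len_out = c.len;
    while (c.head != NULL) {       /* release the list */
        struct entry *e = c.head;
        c.head = e->next;
        free(e);
    }
    return c.steps;
}

int main(void)
{
    size_t a, b;
    unsigned long sa = simulate(1000, 0, &a), sb = simulate(1000, 32, &b);
    printf("no cap: %zu entries, %lu visits; cap 32: %zu entries, %lu visits\n", a, sa, b, sb);
    return 0;
}
```

Without a cap the work grows quadratically with the number of
packets; with the assumed cap it grows linearly, at the price of
not tracking entries beyond the limit.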