It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two endpoints on the network.
Unitrends risk assessment: Low (Attack Complexity= High, Integrity Impact = Low, Availability Impact = Low)
The key impact of a successful complex attack would be wrongly terminated TCP connections.
For CentOS6, resolved in kernel-2.6.32-642.4.2.el6 in the latest security update
For CentOS5, not vulnerable