Описание
net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.
Ссылки
- Issue TrackingPatch
- Third Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Vendor Advisory
- Technical Description
Уязвимые конфигурации
Одно из
EPSS
4.8 Medium
CVSS3
5.8 Medium
CVSS2
Дефекты
Связанные уязвимости
net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.
net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.
net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly ...
net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.
ELSA-2016-3595: Unbreakable Enterprise kernel security update (IMPORTANT)
EPSS
4.8 Medium
CVSS3
5.8 Medium
CVSS2