Описание
net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.
It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two endpoints on the network.
Отчет
This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4 and 5.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | kernel | Not affected | ||
| Red Hat Enterprise Linux 5 | kernel | Not affected | ||
| Red Hat Enterprise Linux 6 | kernel | Fixed | RHSA-2016:1664 | 23.08.2016 |
| Red Hat Enterprise Linux 6.5 Advanced Update Support | kernel | Fixed | RHSA-2016:1814 | 06.09.2016 |
| Red Hat Enterprise Linux 6.6 Extended Update Support | kernel | Fixed | RHSA-2016:1939 | 27.09.2016 |
| Red Hat Enterprise Linux 6.7 Extended Update Support | kernel | Fixed | RHSA-2016:1815 | 06.09.2016 |
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2016:1632 | 18.08.2016 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2016:1633 | 18.08.2016 |
| Red Hat Enterprise Linux 7.1 Extended Update Support | kernel | Fixed | RHSA-2016:1657 | 23.08.2016 |
| Red Hat Enterprise MRG 2 | kernel-rt | Fixed | RHSA-2016:1631 | 18.08.2016 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.8 Medium
CVSS3
5.8 Medium
CVSS2
Связанные уязвимости
net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.
net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.
net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly ...
net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.
ELSA-2016-3595: Unbreakable Enterprise kernel security update (IMPORTANT)
EPSS
4.8 Medium
CVSS3
5.8 Medium
CVSS2