Researchers at the University of California have identified a dangerous vulnerability in the TCP (Transmission Control Protocol) implementation used by Linux. The flaw dates back to the end of 2012 but was discovered only recently. The researchers are working with the community on preventive measures (such as updates for clients and hosts) while an official patch is pending. The TCP implementation adopted by Linux is affected by a vulnerability that allows an attacker to interfere with communications between client and server. This article gives information about the TCP stack vulnerability in the Linux kernel for end users, including Android mobile phone users.
TCP Stack Vulnerability in the Linux Kernel (CVE-2016-5696) : Spectrum Could Spy on Tor Too
The Linux kernel is widely used in heterogeneous environments, including hosting services, cloud, mobile phones, televisions, etc., so the flaw is a considerable threat to a large number of users. The vulnerability could, in theory, be exploited over the Internet to hijack remote communications: to monitor a user's online activities, terminate connections, forcibly inject malicious code, or intercept the information exchanged between client and host, and to weaken solutions that guarantee online anonymity, as in the case of Tor. Even HTTPS connections, although immune to injection, are not fully safe: data can still be stolen by exploiting this vulnerability.
TCP Stack Vulnerability in the Linux Kernel : Side Channel Attack
The vulnerability allows an attacker to infer the sequence numbers associated with a particular connection based only on the IP addresses of the communicating parties. In practice, given the IP addresses of any two machines on the Internet, one can slide into their communication channel and perform various operations. The attack is fast and reliable, the researchers note: it completes in less than 60 seconds and has a success rate close to 90%.
Some security experts have pointed out that this vulnerability is reminiscent of the side channel attacks popular in the 90s (an approach that, rather than relying on traditional brute force, tries to extract information from flaws in the implementation of a given security measure). The flaw allows man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack. The TCP protocol is the heart of all Internet communications, as all application-level protocols, including HTTP, FTP, SSH, Telnet, DNS and SMTP, run on top of TCP.
---
Temporary Fix for the TCP Stack Vulnerability (by Akamai)
You can see the Linux kernel's detection and patch on GitHub:
https://github.com/torvalds/linux/commit/282f23c6ee343126156dd41218b22ece96d747e3
https://github.com/torvalds/linux/commit/75ff39ccc1bd5d3c455b6822ab09e533c551f758
As a workaround while patches are prepared and distributed, you can raise the challenge ACK rate limit on your Linux machine or device to make it harder for an attacker to succeed. Check the current value:
sysctl -a | grep ack_limit
You can add this to /etc/sysctl.conf:
net.ipv4.tcp_challenge_ack_limit = 999999999
or run:
sysctl net.ipv4.tcp_challenge_ack_limit=1073741823; grep -q tcp_challenge_ack_limit /etc/sysctl.conf || echo "net.ipv4.tcp_challenge_ack_limit=1073741823" >> /etc/sysctl.conf
Reload sysctl to activate the new rule.
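As an added example (not code from the article or from Akamai), the same workaround as a small POSIX sh script: it checks whether the live challenge ACK limit is still below the target and pins the sysctl value idempotently. Unlike the `grep -q || echo` one-liner above, it also rewrites an existing line that carries a different, lower value. File paths are parameters (an assumption made so the functions can be exercised on constructed files); on a real host they are /proc/sys/net/ipv4/tcp_challenge_ack_limit and /etc/sysctl.conf.

```shell
#!/bin/sh
# Added example, not from the original article: apply the
# tcp_challenge_ack_limit workaround idempotently.

KEY="net.ipv4.tcp_challenge_ack_limit"
TARGET=1073741823   # value used in the article's one-liner (2^30 - 1)

# Print "vulnerable" if the live value is below TARGET, otherwise "ok".
# $1: file holding the current value (/proc/sys/net/ipv4/tcp_challenge_ack_limit
#     on a real host; a constructed file in the test).
check_limit() {
    cur=$(cat "$1" 2>/dev/null || echo 0)
    if [ "$cur" -lt "$TARGET" ]; then
        echo vulnerable
    else
        echo ok
    fi
}

# Make sure the sysctl.conf-style file $1 assigns KEY=TARGET exactly once.
# Any existing assignment of KEY (spaces around '=' allowed) is removed first,
# so a stale lower value such as the old default does not survive. Prints the
# number of KEY assignments left in the file (expected: 1).
persist_limit() {
    conf="$1"
    tmp="$conf.tmp"
    [ -f "$conf" ] || : > "$conf"
    # grep -v exits 1 when nothing is left to print (e.g. empty file), which is fine.
    grep -v -E "^[[:space:]]*${KEY}[[:space:]]*=" "$conf" > "$tmp" || true
    echo "${KEY} = ${TARGET}" >> "$tmp"
    mv "$tmp" "$conf"
    grep -c -E "^[[:space:]]*${KEY}[[:space:]]*=" "$conf"
}

# Real-host convenience (run as root): set the live value, then persist it.
# Not invoked here so the script stays safe to source on any machine.
apply_live() {
    sysctl -w "${KEY}=${TARGET}" && persist_limit /etc/sysctl.conf >/dev/null
}
```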
Official Information on CVE-2016-5696
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5696
http://seclists.org/oss-sec/2016/q3/296
http://www.openwall.com/lists/oss-security/2016/08/16/6
https://access.redhat.com/security/cve/cve-2016-5696
https://blogs.akamai.com/2016/08/vulnerability-in-the-linux-kernels-tcp-stack-implementation.html