TCP Flaw Lets Remote Attackers Stall Devices With Tiny DoS Attack

An anonymous reader quotes a report from ZDNet: Security researchers are warning Linux system users of a bug in the Linux kernel version 4.9 and up that could be used to hit systems with a denial-of-service attack on networking kit. The warning comes from Carnegie Mellon University’s CERT/CC, which notes that newer versions of the Linux kernel can be "forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (DoS)".
It lists a number of network-equipment vendors, PC and server manufacturers, mobile vendors, and operating-system makers that may be affected but notes that it hasn’t confirmed whether any of them actually are. But, given the widespread use of Linux, the bug could affect every vendor from Amazon and Apple through to Ubuntu and ZyXEL. A remote attacker could cause a DoS by sending specially modified packets within ongoing TCP sessions. But sustaining the DoS condition would mean an attacker needs to have continuous two-way TCP sessions to a reachable and open port. The bug, dubbed "SegmentSmack" by Red Hat, has "no effective workaround/mitigation besides a fixed kernel."



Share on Google+

Read more of this story at Slashdot.

Source of this (above) article: https://linux.slashdot.org/story/18/08/07/2112209/tcp-flaw-lets-remote-attackers-stall-devices-with-tiny-dos-attack?utm_source=rss1.0mainlinkanon&utm_medium=feed

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *