Vulnerability found in Linux’s TCP stack

Linux desktop and server users are advised to upgrade to the latest version after the USENIX Security Symposium was told this week of a weakness in the Transmission Control Protocol (TCP) implementation of all versions of the operating system released since late 2012 that enables attackers to remotely hijack users’ Internet communications.

The vulnerability, (CVE-2016-5696), was found by researchers at the University of California at Riverside and detailed in a paper available here.

“The unique aspect of the attack we demonstrated is the very low requirement to be able to carry it out. Essentially, it can be done easily by anyone in the world where an attack machine is in a network that allows IP spoofing. The only piece of information that is needed is the pair of IP addresses (for victim client and server), which is fairly easy to obtain,” project advisor Zhiyun Qian, an assistant professor of computer science at UCR, said in a statement.

Researchers found a subtle flaw (in the form of ‘side channels’) in Linux that enables attackers to infer the TCP sequence numbers associated with a particular connection using no more information than the IP addresses of the communicating parties, the university said.

An attacker would be able to track users’ online activity, terminate connections with others and inject false material into their communications. Encrypted connections (e.g., HTTPS) are immune to data injection, but they are still subject to being forcefully terminated by the attacker. The weakness would allow attackers to degrade the privacy of anonymity networks, such as Tor, by forcing the connections to route through certain relays, the university said.

Researchers said the attack is fast and reliable, often taking less than a minute and showing a success rate of about 90 per cent.

The problem has been patched in Linux versions with the 4.7 kernel. Administrators who can’t update quickly can work around the problem by raising the ‘challenge ACK limit’ to an extremely large value, which makes it practically impossible to exploit the side channel. On Ubuntu, for instance, open /etc/sysctl.conf, append the line “net.ipv4.tcp_challenge_ack_limit = 999999999”, then run “sysctl -p” to apply the configuration.
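The following POSIX shell script is an added example, not part of the article or of the researchers’ work, that an administrator could use to audit a fleet for exposure to this issue. It combines the two facts the article gives (kernels from 4.7 onward carry the fix; the sysctl net.ipv4.tcp_challenge_ack_limit can be raised to 999999999 as a stopgap) into a single check. The function names and the “large enough” threshold of 1,000,000 are this script’s own assumptions; the article only says the value should be extremely large.

```shell
#!/bin/sh
# Added example (not from the article): classify a host as "patched",
# "hardened" (workaround applied) or "vulnerable" for CVE-2016-5696.
# Facts taken from the article: fix present from kernel 4.7; workaround
# value 999999999. The 1000000 threshold is an assumption of this script.

# kernel_is_patched VERSION  -> exit 0 when major.minor is 4.7 or later.
# Accepts uname -r style strings such as "4.4.0-131-generic".
kernel_is_patched() {
    ver="$1"
    major="${ver%%.*}"            # text before the first dot
    rest="${ver#*.}"              # text after the first dot
    minor="${rest%%.*}"           # text before the next dot
    minor="${minor%%[!0-9]*}"     # drop suffixes like "0-131-generic"
    case "$major" in ''|*[!0-9]*) return 1 ;; esac
    case "$minor" in ''|*[!0-9]*) minor=0 ;; esac
    [ "$major" -gt 4 ] && return 0
    [ "$major" -eq 4 ] && [ "$minor" -ge 7 ] && return 0
    return 1
}

# limit_is_hardened VALUE -> exit 0 when the challenge ACK limit is large
# enough that the side channel is impractical (assumed threshold below).
limit_is_hardened() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac   # non-numeric: not hardened
    [ "$1" -ge 1000000 ]
}

# assess KERNEL_VERSION LIMIT -> prints one of: patched | hardened | vulnerable
assess() {
    if kernel_is_patched "$1"; then
        echo patched
    elif limit_is_hardened "$2"; then
        echo hardened
    else
        echo vulnerable
    fi
}

# sysctl_line -> the exact /etc/sysctl.conf line the article recommends.
sysctl_line() {
    echo "net.ipv4.tcp_challenge_ack_limit = 999999999"
}

# Live check on the current host, skipped where the sysctl is absent.
if [ -r /proc/sys/net/ipv4/tcp_challenge_ack_limit ]; then
    live_limit=$(cat /proc/sys/net/ipv4/tcp_challenge_ack_limit)
    echo "host $(uname -r) limit=$live_limit: $(assess "$(uname -r)" "$live_limit")"
fi
```

Run it as a normal user on each host; a “vulnerable” result means neither the 4.7+ kernel nor the sysctl workaround is in place, and appending the line printed by sysctl_line to /etc/sysctl.conf followed by sysctl -p applies the article’s interim fix.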

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com