TCP flaw in Linux servers allows web traffic hijacking

CVE-2016-5696 is the ID of a serious security flaw that affects the TCP implementation in the Linux kernel, which, if exploited, allows an attacker to hijack unencrypted Web traffic, or crash encrypted communications such as HTTPS sessions or Tor connections. The vulnerability affects all Linux kernel versions from v3.6 up to v4.7 and existed in the Linux kernel for the past four years. At the heart of the problem is the design of RFC 5961, a standard that dictates how TCP connections are established between two hosts.

TCP is the protocol at the heart of all Internet communications.

HTTP, FTP, SSH, Telnet, DNS, SNMP, POP, and all other application level protocols stand on the shoulders of TCP. Applications, including Web servers, use TCP to establish connections between hosts, and then reliably send data between them.

All TCP connections are established via the now classic TCP three-way handshake, a process in which the two hosts exchange three types of TCP packets in a certain order: SYN -> SYN-ACK -> ACK. After the connection is established, TCP packets are sent in order between the two hosts.

Problem resides in RFC 5961 implementation in Linux kernel

A team of six researchers from the University of California, Riverside, and the US Army Research Laboratory have discovered a problem in the way the RFC 5961 standard has been implemented in the Linux kernel.

The researchers created a proof-of-concept exploit that they can use to detect if two hosts are communicating via TCP. The first part of the attack only takes around 10 seconds and allows the attacker to accurately guess the TCP packet sequence numbers currently exchanged between the two hosts.

Attacker doesn't need MitM position

The attacker does not need a man-in-the-middle position, meaning the packets exchanged between the two parties don't necessarily have to go through a server under his control.

Since an IP address can be spoofed, an attacker could intervene in the connections and inject malicious TCP packets inside the legitimate TCP packet sequence. The paper titled Off-Path TCP Exploits: Global Rate Limit Considered Dangerous presents a case study where the six researchers injected a phishing form inside the USA Today website.

The researchers used their exploit to see if the IP of a known person was communicating with the IP of the USA Today (Linux) Web server. “Through extensive experiments, we show that the attack is fast and reliable,” the research team explains.

"On average, it takes about 40 to 60 seconds to finish and the success rate is 88% to 97%."

TCP flaw is ideal for DoS-ing the Tor network

Injecting rogue content into a TCP connection via this method shows once again why supporting HTTPS is so important. CVE-2016-5696 can also be used to create a Denial of Service (DoS) state for encrypted services such as SSH and Tor. Using this flaw to crash Tor connections may force some users to resort to less secure communication tools.

In their paper, the researchers propose some changes to TCP's global rate limit to reduce the attack's reach, but also warn that other operating systems may be affected. In essence, it depends on how closely the OS makers stuck to RFC 5961 when adding TCP support to their OS.

Site: http://news.softpedia.com/news/tcp-flaw-in-linux-servers-allows-web-traffic-hijacking-507182.shtml
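The rate limit the researchers single out is exposed on Linux as the sysctl net.ipv4.tcp_challenge_ack_limit, whose small default (100 challenge ACKs per second) is what makes the global counter easy to saturate. The following audit helper is an added example, not code from the article or from the researchers: it takes a kernel version string and the current sysctl value and reports whether the host falls in the affected range the article gives (v3.6 up to v4.7) and whether the interim workaround of raising the limit to a very large value (999999999 was the figure circulated for affected kernels; patched kernels randomise the limit instead) has been applied. The affected-range cut-off follows the article's wording and the sample inputs at the bottom are constructed, not real host data.

```shell
#!/bin/sh
# Hypothetical audit helper (not from the article): classify a Linux host by
# kernel version and by its net.ipv4.tcp_challenge_ack_limit setting.

# Returns 0 (true) when "$1" (e.g. "4.4.0-31-generic") parses to a kernel
# version with 3.6 <= major.minor <= 4.7, the range the article reports as
# affected by CVE-2016-5696. Returns 2 on an unparsable string.
kernel_in_affected_range() {
    major=$(printf '%s' "$1" | cut -d. -f1 | sed 's/[^0-9].*//')
    minor=$(printf '%s' "$1" | cut -d. -f2 | sed 's/[^0-9].*//')
    [ -n "$major" ] && [ -n "$minor" ] || return 2
    code=$((major * 1000 + minor))      # 3.6 -> 3006, 4.7 -> 4007
    [ "$code" -ge 3006 ] && [ "$code" -le 4007 ]
}

# Returns 0 (true) when the challenge-ACK limit "$1" is still small enough
# for an off-path sender to exhaust the global per-second budget. Anything
# below one million is treated as the unmitigated setting; the circulated
# workaround sets 999999999.
challenge_ack_limit_is_weak() {
    [ "$1" -lt 1000000 ] 2>/dev/null
}

# Combine both checks into one verdict: not-affected, mitigated or vulnerable.
# $1 = kernel version string, $2 = current tcp_challenge_ack_limit value.
audit_host() {
    if ! kernel_in_affected_range "$1"; then
        echo "not-affected"
    elif challenge_ack_limit_is_weak "$2"; then
        echo "vulnerable"
    else
        echo "mitigated"
    fi
}

# On a live Linux host the two inputs come from:
#   audit_host "$(uname -r)" "$(sysctl -n net.ipv4.tcp_challenge_ack_limit)"
# The values below are constructed samples for demonstration only.
audit_host "4.4.0-31-generic" "100"          # vulnerable: in range, default limit
audit_host "4.4.0-31-generic" "999999999"    # mitigated: in range, limit raised
audit_host "4.8.1" "100"                     # not-affected: newer than the range
```

The workaround only shrinks the side channel; the durable fix is a kernel that no longer uses a fixed, globally shared counter, so a "mitigated" verdict should still be followed by a kernel update.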
