[security-announce] Security update: CVE-2016-5696 kernel: challenge ACK counter information disclosure.

Sona Sarmadi sona.sarmadi at enea.com
Fri Aug 12 21:58:35 CEST 2016


		Enea Linux Security Advisory

====================================================================
Product/package: Enea Linux 6.0: all kernel versions from 3.6 to 4.7
Severity: High
Arch: All
CVE Name: CVE-2016-5696
====================================================================
A flaw has been found in the implementation of the Linux kernel's
handling of networking challenge ack where an attacker is able to
determine the shared counter.

This may allow an attacker to inject or take over a TCP connection
between a server and client without having to be a traditional Man In
the Middle (MITM) style attack.

Introduced in (tcp: implement RFC 5961 3.2):
 https://github.com/torvalds/linux/commit/282f23c6ee343126156dd41218b22ece96d747e3 (v3.6)


Description:
net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly
determine the rate of challenge ACK segments, which makes it easier for
man-in-the-middle attackers to hijack TCP sessions via a blind in-window
attack.

References:
OSS-Security post: http://seclists.org/oss-sec/2016/q3/44
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5696
https://bugzilla.redhat.com/show_bug.cgi?id=1354708

Upstream patch (currently only in mainline kernel 4.7):
https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758

Enea correction:
The patch has not been backported to older kernels on kernel.org.
Enea is investigating a correction for the kernel versions used by Enea
customers.

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://mail.lists.enea.com/pipermail/security-announce/attachments/20160812/8ac18e72/attachment-0002.sig>


More information about the security-announce mailing list