
Re: (OT kinda) Newly-discovered TCP flaw



A report on this showed up on ZDNet this morning:

http://www.zdnet.com/article/linux-tcp-flaw-lets-anyone-hijack-internet-traffic

Apparently, it affects Linux 3.6 and up.  Hopefully, I don't have to root
my Android devices to fix the problem there (we'll see how quickly Samsung
rolls out the patch).

--------------------------|
John L. Ries              |
Salford Systems           |
Phone: (619)543-8880 x107 |
or     (435)867-8885      |
--------------------------|


On Fri, 12 Aug 2016, rhkramer@gmail.com wrote:

> Oops, my apologies, I did have a senior moment (but not the one I alluded to
> earlier)--the reference I found to runtime was in the man page for sysctl, not
> the README.
>
>
> On Friday, August 12, 2016 10:54:52 AM Greg Wooledge wrote:
> > I did some web surfing when this thread was posted, to try to track
> > down *which kernel versions* are affected by this TCP security flaw.
> > I haven't seen this information posted yet.
> >
> > http://www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf says:
> > "The feature is outlined in RFC 5961, which is implemented faithfully
> > in Linux kernel version 3.6 from late 2012."
> >
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5696 says:
> > "net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly
> > determine the rate of challenge ACK segments, which makes it easier
> > for man-in-the-middle attackers to hijack TCP sessions via a blind
> > in-window attack."
> >
> > So the flaw appears to be in Linux kernels from 3.6 to 4.6 inclusive,
> > which includes Jessie (3.16) but not Wheezy (3.2) or earlier.
> > The jessie-backports kernel right now is 4.6, but only for a brief
> > time.  The last plan I saw was for Stretch to ship with 4.10, which
> > should include the fix for this flaw.
> >
> > Now on to the thread:
> >
> > On Fri, Aug 12, 2016 at 10:42:36AM -0400, rhkramer@gmail.com wrote:
> > > In the README for sysctl on my wheezy system, it says "configure kernel
> > > parameters at runtime".
> >
> > Not on mine.
> >
> > greg@remote:~$ grep run /etc/sysctl.d/README.sysctl
> > greg@remote:~$
> >
> > > I may be having a senior moment, but, atm, I'm not completely sure what
> > > runtime means
> >
> > "At boot time", I would think.  But I don't know where your file actually
> > came from, so my guesses about the author's intent might be somewhat off.
> >
> > README.sysctl is short enough to post in its entirety here, so this is
> > what mine says on a wheezy system:
> >
> >
> > ======================================================================
> > Kernel system variables configuration files
> >
> > Files found under the /etc/sysctl.d directory that end with .conf are
> > parsed within sysctl(8) at boot time.  If you want to set kernel variables
> > you can either edit /etc/sysctl.conf or make a new file.
> >
> > The filename isn't important, but don't make it a package name as it may
> > clash with something the package builder needs later. It must end with
> > .conf though.
> >
> > My personal preference would be for local system settings to go into
> > /etc/sysctl.d/local.conf but as long as you follow the rules for the names
> > of the file, anything will work. See sysctl.conf(8) man page for details
> > of the format.
> >
> > ======================================================================
>
>

