Re: (OT kinda) Newly-discovered TCP flaw

To: debian-user@lists.debian.org
Cc: Greg Wooledge <wooledg@eeg.ccf.org>
Subject: Re: (OT kinda) Newly-discovered TCP flaw
From: rhkramer@gmail.com
Date: Fri, 12 Aug 2016 11:30:44 -0400
Message-id: <[🔎] 201608121130.45001.rhkramer@gmail.com>
In-reply-to: <[🔎] 20160812145452.GO6814@eeg.ccf.org>
References: <[🔎] slrnnqp80d.67r.curty@einstein.electron.org> <[🔎] 201608121042.36926.rhkramer@gmail.com> <[🔎] 20160812145452.GO6814@eeg.ccf.org>

Oops, my apologies, I did have a senior moment (but not the one I allluded to 
earlier)--the reference I found to runtime was in the man page for sysctl, not 
the README.


On Friday, August 12, 2016 10:54:52 AM Greg Wooledge wrote:
> I did some web surfing when this thread was posted, to try to track
> down *which kernel versions* are affected by this TCP security flaw.
> I haven't seen this information posted yet.
> 
> http://www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf says:
> "The feature is outlined in RFC 5961, which is implemented faithfully
> in Linux kernel version 3.6 from late 2012."
> 
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5696 says:
> "net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly
> determine the rate of challenge ACK segments, which makes it easier
> for man-in-the-middle attackers to hijack TCP sessions via a blind
> in-window attack."
> 
> So the flaw appears to be in Linux kernels from 3.6 to 4.6 inclusive,
> which includes Jessie (3.16) but not Wheezy (3.2) or earlier.
> The jessie-backports kernel right now is 4.6, but only for a brief
> time.  The last plan I saw was for Stretch to ship with 4.10, which
> should include the fix for this flaw.
> 
> Now on to the thread:
> 
> On Fri, Aug 12, 2016 at 10:42:36AM -0400, rhkramer@gmail.com wrote:
> > In the README for sysctl on my wheezy system, it says "configure kernel
> > parameters at runtime".
> 
> Not on mine.
> 
> greg@remote:~$ grep run /etc/sysctl.d/README.sysctl
> greg@remote:~$
> 
> > I may be having a senior moment, but, atm, I'm not completely sure what
> > runtime means
> 
> "At boot time", I would think.  But I don't know where your file actually
> came from, so my guesses about the author's intent might be somewhat off.
> 
> README.sysctl is short enough to post in its entirety here, so this is
> what mine says on a wheezy system:
> 
> 
======================================================================
> Kernel system variables configuration files
> 
> Files found under the /etc/sysctl.d directory that end with .conf are
> parsed within sysctl(8) at boot time.  If you want to set kernel variables
> you can either edit /etc/sysctl.conf or make a new file.
> 
> The filename isn't important, but don't make it a package name as it may
> clash with something the package builder needs later. It must end with
> .conf though.
> 
> My personal preference would be for local system settings to go into
> /etc/sysctl.d/local.conf but as long as you follow the rules for the names
> of the file, anything will work. See sysctl.conf(8) man page for details
> of the format.
> 
======================================================================

Reply to:

Follow-Ups:
- Re: (OT kinda) Newly-discovered TCP flaw
  - From: "John L. Ries" <jries@salford-systems.com>

References:
- (OT kinda) Newly-discovered TCP flaw
  - From: Curt <curty@free.fr>
- Re: (OT kinda) Newly-discovered TCP flaw
  - From: rhkramer@gmail.com
- Re: (OT kinda) Newly-discovered TCP flaw
  - From: Greg Wooledge <wooledg@eeg.ccf.org>

Prev by Date: Re: (OT kinda) Newly-discovered TCP flaw
Next by Date: Re: (OT kinda) Newly-discovered TCP flaw
Previous by thread: Re: (OT kinda) Newly-discovered TCP flaw
Next by thread: Re: (OT kinda) Newly-discovered TCP flaw
Index(es):
- Date
- Thread