Front Page: NCSC-FI
Front Page: NCSC-FI
Menu

The network stacks of recent Linux and FreeBSD kernels have a vulnerability that makes it possible to perform denial of service attacks with low packet volumes. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port.

The vulnerability is related to the handling of TCP segments within Linux and FreeBSD TCP/IP stacks. Mounting the attack requires that a two-way TCP connection to an open port is formed. An attacker can induce a denial of service condition by sending specially modified packets within ongoing TCP sessions. Thus, the attacks cannot be performed using spoofed IP addresses.

Vulnerability coordination:

The vulnerability was found by Juha-Matti Tiili from Aalto University, Department of Communications and Networking / Nokia Bell Labs. NCSC-FI would like to thank the finder, CERT/CC and vendors for participating in the coordination.

Target

  • Others
  • Network devices
  • Embedded systems
  • Servers and server applications

Attack vector

  • Remote
  • No user interaction required

Impact

  • Denial-of-service attack

Remediation

  • Software update patch

Contact Information

NCSC-FI Vulnerability Coordination can be contacted as follows:

Email: vulncoord@ficora.fi

Please quote the advisory reference [FICORA #1052508] in the subject line.

Telephone:
+358 295 390 230
Monday - Friday 08:00 – 16:15 (EET: UTC+3)

Post:
Vulnerability Coordination
FICORA / NCSC-FI
P.O. Box 313
FI-00561 Helsinki
FINLAND

NCSC-FI encourages those who wish to communicate via email to make use of our PGP key. The PGP key as well as the vulnerability coordination principles of NCSC-FI are available at: