Vulnerability 14/2018
The network stacks of recent Linux and FreeBSD kernels have a vulnerability that makes it possible to perform denial of service attacks with low packet volumes. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port.
The vulnerability is related to the handling of TCP segments within Linux and FreeBSD TCP/IP stacks. Mounting the attack requires that a two-way TCP connection to an open port is formed. An attacker can induce a denial of service condition by sending specially modified packets within ongoing TCP sessions. Thus, the attacks cannot be performed using spoofed IP addresses.
Vulnerability coordination:
The vulnerability was found by Juha-Matti Tiili from Aalto University, Department of Communications and Networking / Nokia Bell Labs. NCSC-FI would like to thank the finder, CERT/CC and vendors for participating in the coordination.
Target
- Others
- Network devices
- Embedded systems
- Servers and server applications
Attack vector
- Remote
- No user interaction required
Impact
- Denial-of-service attack
Remediation
- Software update patch
Subject of vulnerability
- In the Linux kernel, the vulnerability was introduced in version 4.9 and fixed in versions 4.9.117, 4.17.11, and 4.14.59. Version 4.4.146 includes portions of the same fix.
- All supported FreeBSD versions
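The following is an added example, not part of the original advisory: a shell function that classifies an upstream Linux kernel release string against the versions listed above. The function name `classify_kernel` and its result labels are hypothetical. It compares version numbers only; distribution kernels often backport fixes without changing the upstream version, so the vendor trackers linked in this advisory remain authoritative.

```shell
#!/bin/sh
# Added example: compare a kernel release string (as printed by `uname -r`)
# with the Linux versions named in this advisory for CVE-2018-5390.
# classify_kernel and its result labels are hypothetical names.

classify_kernel() {
    rel=${1%%[-+]*}                 # drop local suffix: 4.14.58-generic -> 4.14.58
    case $rel in
        *.*) ;;
        *) echo unparseable; return 0 ;;
    esac
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.}; patch=${patch%%.*} ;;
        *)   patch=0 ;;             # e.g. "4.9" means 4.9.0
    esac
    for n in "$major" "$minor" "$patch"; do
        case $n in
            ''|*[!0-9]*) echo unparseable; return 0 ;;
        esac
    done

    # Advisory: introduced in 4.9. (4.4.146 carries portions of the fix,
    # but the 4.4 branch predates the affected range.)
    if [ "$major" -lt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -lt 9 ]; }; then
        echo predates-4.9; return 0
    fi
    # Branches after 4.17 are not covered by the advisory's version list.
    if [ "$major" -gt 4 ] || [ "$minor" -gt 17 ]; then
        echo newer-than-listed; return 0
    fi
    # Fixed stable releases named in the advisory, per branch.
    case $minor in
        9)  fixed=117 ;;
        14) fixed=59 ;;
        17) fixed=11 ;;
        *)  echo affected-no-listed-fix; return 0 ;;
    esac
    if [ "$patch" -ge "$fixed" ]; then echo fixed; else echo vulnerable; fi
}

# Usage: sh check.sh "$(uname -r)"
if [ $# -gt 0 ]; then classify_kernel "$1"; fi
```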
What is it about?
Update the affected software using the automatic updates of your OS provider.
The vulnerability can be mitigated by restricting access to systems running a vulnerable version, or by terminating TCP connections in a separate system such as a proxy or load balancer.
What can I do?
- CVE-2018-5390
- CVE-2018-6922
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=dc6ae4dffd656811dee7151b19545e4cd839d378
- https://www.kb.cert.org/vuls/id/962459
- https://access.redhat.com/security/cve/cve-2018-5390
- https://security-tracker.debian.org/tracker/CVE-2018-5390
- https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5390.html
- https://www.suse.com/c/suse-addresses-segmentsmack-attack/
- https://www.freebsd.org/security/advisories/FreeBSD-SA-18:08.tcp.asc
Contact Information
NCSC-FI Vulnerability Coordination can be contacted as follows:
Email: vulncoord@ficora.fi
Please quote the advisory reference [FICORA #1052508] in the subject line.
Telephone:
+358 295 390 230
Monday - Friday 08:00 – 16:15 (EET: UTC+3)
Post:
Vulnerability Coordination
FICORA / NCSC-FI
P.O. Box 313
FI-00561 Helsinki
FINLAND
NCSC-FI encourages those who wish to communicate via email to make use of our PGP key. The PGP key as well as the vulnerability coordination principles of NCSC-FI are available at: