Fusion Center Report: SegmentSmack - Linux Kernel TCP Vulnerability (English)
Report from EclecticIQ Fusion Center from Tuesday 7 August 2018.
Key Findings:
- Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
- A remote attacker may be able to trigger a denial-of-service condition against a system with an available open port.
- The vulnerability does not allow remote code execution. To exploit the vulnerability, you need inbound TCP access to the server.
- Most enterprise grade Linux distributions do not yet use Linux kernel’s 4.9 or above, so aren’t impacted. By the time they do, patches will be built in.
About EclecticIQ
EclecticIQ develops analyst-centric products that align our clients’ cybersecurity focus with their threat reality. The result is intelligence-led security, improved detection, prevention, and response.
EclecticIQ Fusion Center
EclecticIQ Fusion Center delivers thematic intelligence bundles providing a single curated source of relevant CTI from leading suppliers all in a single contract.
Download Report
About EclecticIQ
EclecticIQ develops analyst-centric products that align our clients’ cybersecurity focus with their threat reality. The result is intelligence-led security, improved detection, prevention, and response.
EclecticIQ Fusion Center
EclecticIQ Fusion Center delivers thematic intelligence bundles providing a single curated source of relevant CTI from leading suppliers all in a single contract.