Critical Linux Kernel SegmentSmack Issue
A newly disclosed vulnerability in the Linux kernel can be used to disrupt Linux-based systems.
It can affect many kinds of systems and devices: routers, servers, workstations, IoT devices, tablets and smartphones.
The vulnerability has been assigned the CVE identifier CVE-2018-5390.
It affects multiple popular Linux distributions.
More information is available in the CERT/CC vulnerability note at https://www.kb.cert.org/vuls/id/962459.
Credit for reporting the vulnerability goes to Nokia Bell Labs.
The flaw in the kernel's TCP implementation lets a remote attacker freeze a device with a low-bandwidth denial-of-service (DoS) attack.
Named SegmentSmack, it gives remote attackers a way to knock out a system by sending only a minimal amount of traffic to the target.
Linux users are warned that the bug is present in Linux kernel 4.9 and newer and can be exploited to cause a denial-of-service condition.
SegmentSmack Linux Kernel Vulnerability
It is not known whether the vulnerability is already being exploited in the wild.
The vulnerability is that a remote peer can force the kernel into very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming TCP packet on the connection.
Sustained for long enough, this saturates the CPU and results in a denial-of-service condition.
Linux centralization creates a single point of vulnerability
It is still unconfirmed how many vendors' shipping devices are vulnerable in practice.
Large vendors vulnerable, from Amazon to Ubuntu
This one vulnerability can affect a large number of units, from Amazon and Apple through Zyxel, Red Hat and Ubuntu.
The attack works by a remote attacker sending specially crafted segments within an established TCP session.
To succeed, the attacker needs an ongoing two-way TCP session to a reachable, open TCP port, so the attack cannot be carried out with spoofed source addresses.
This is what causes the denial-of-service condition.
Small bandwidth is enough for a Linux kernel DoS
The attacker can cause this condition with very little bandwidth.
In the worst case an attacker can freeze a target with as little as 2 kpps (2,000 packets per second).
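The attack pattern described above (an established session, tiny crafted segments that keep landing in the out-of-order queue, a rate of only a few thousand packets per second) is something a flow-level heuristic can spot. The script below is an added illustration written for this post; it is not code from the original article, from the kernel, or from the Protector product. It tracks, per TCP flow, how many segments arrive ahead of the next expected sequence number within a sliding window and raises an alert when that rate exceeds a threshold. The packet records, addresses, the 500 pps threshold and the one-second window are constructed assumptions chosen to show the behaviour, not measured values.

```python
"""Toy detector for out-of-order TCP segment floods (added example, not the page's own code)."""
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Optional, Set, Tuple

FlowKey = Tuple[str, int, str, int]


@dataclass(frozen=True)
class Segment:
    ts: float      # capture time in seconds
    src: str
    sport: int
    dst: str
    dport: int
    seq: int       # TCP sequence number of the first payload byte
    length: int    # payload bytes


@dataclass
class FlowState:
    expected: Optional[int] = None                      # next in-order sequence number
    queued: Dict[int, int] = field(default_factory=dict)  # seq -> end of segments waiting in the OOO queue
    ooo_times: Deque[float] = field(default_factory=deque)  # arrival times of recent OOO segments


class OooFloodDetector:
    """Flags a flow whose out-of-order segment rate exceeds ooo_pps over a sliding window."""

    def __init__(self, window: float = 1.0, ooo_pps: int = 500):  # assumed thresholds
        self.window = window
        self.ooo_pps = ooo_pps
        self.flows: Dict[FlowKey, FlowState] = defaultdict(FlowState)

    def observe(self, seg: Segment) -> bool:
        key: FlowKey = (seg.src, seg.sport, seg.dst, seg.dport)
        st = self.flows[key]
        if st.expected is None:
            st.expected = seg.seq + seg.length
            return False
        if seg.seq <= st.expected:
            # In-order data or a retransmission: advance the edge, then drain any
            # queued segments that are now contiguous (the hole has been filled).
            st.expected = max(st.expected, seg.seq + seg.length)
            while st.expected in st.queued:
                st.expected = st.queued.pop(st.expected)
            return False
        # A gap lies ahead of the expected byte: this segment goes to the OOO queue.
        st.queued[seg.seq] = seg.seq + seg.length
        st.ooo_times.append(seg.ts)
        while st.ooo_times and seg.ts - st.ooo_times[0] > self.window:
            st.ooo_times.popleft()
        return len(st.ooo_times) > self.ooo_pps * self.window


def scan(segments: List[Segment]) -> Set[FlowKey]:
    """Return the set of flows that tripped the detector at least once."""
    det = OooFloodDetector()
    alerted: Set[FlowKey] = set()
    for seg in segments:
        if det.observe(seg):
            alerted.add((seg.src, seg.sport, seg.dst, seg.dport))
    return alerted


def constructed_capture() -> List[Segment]:
    """Constructed sample traffic: one benign flow with mild reordering, one flood."""
    segs: List[Segment] = []
    # Benign client: 200 full-size segments over one second, a few pairs swapped in transit.
    benign = [Segment(i * 0.005, "10.0.0.5", 40000, "10.0.0.1", 80, 1000 + i * 1460, 1460)
              for i in range(200)]
    for i in (40, 90, 140):
        benign[i], benign[i + 1] = benign[i + 1], benign[i]
    segs.extend(benign)
    # Attacker: 2,000 one-byte segments in one second, each leaving a one-byte hole
    # behind it so every segment after the first lands in the out-of-order queue.
    segs.extend(Segment(i / 2000.0, "192.0.2.66", 55555, "10.0.0.1", 80, 5000 + 2 * i, 1)
                for i in range(2000))
    segs.sort(key=lambda s: s.ts)
    return segs


if __name__ == "__main__":
    for flow in sorted(scan(constructed_capture())):
        print("ALERT out-of-order flood from %s:%d to %s:%d" % flow)
```

The benign flow produces three out-of-order arrivals in a second and never trips the threshold; the flood trips it after the 501st gap within the window. A real IPS signature would also look at payload size and whether holes ever get filled, but the per-flow rate of segments landing beyond the expected sequence number is the core signal for this pattern.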
Most vendors have already released patches, typically as an updated Linux kernel package; since the fix is in the kernel, the patched kernel has to be booted before it takes effect.
Linux creator Linus Torvalds earlier delivered his own version of SegmentSmack to Nvidia over its lack of Linux support for its Optimus technology.
Now this might be karma going around.
The Protector UTM Firewall already has IPS signatures to block this attack across a network containing vulnerable devices.