Linux TCP Flaw
A flaw in the RFC 5961 specification the Internet Engineering Task Force developed to protect TCP against blind in-window attacks could threaten Android smartphones, as well as every Linux computer on the planet. The flaw is described in a paper a team of researchers presented at the 25th Usenix Security Symposium, ongoing in Austin, Texas, through Friday. The researchers are affiliated with the University of California at Riverside and the United States Army Research Laboratory. “This attack could be used to target long-lived back-end connections like database sessions or management and monitoring channels,” said Craig Young, a computer security researcher for Tripwire’s Vulnerability and Exposures Research Team.
RFC 5961 was designed to make it more difficult to carry out TCP spoofing attacks against long-lived connections. [*Correction – Aug. 12, 2016] The specification ensures that an incoming packet’s sequence number exactly matches the sequence number expected to be next. Further, the attacker also would have to guess a proper ACK value within a scoped range. The ACK throttling feature, as implemented under RFC 5961, has a default limit of 100 challenge ACKs generated per second. [*Correction – Aug. 12, 2016] That limit is shared across all channels, which lets the shared state be exploited as a side channel. Concerned users should think about possible ramifications before disrupting businesses to roll out patches, warned Adrian Sanabria, a senior security analyst at 451 Research.
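The following is an added illustration, not code from the article, the paper or the Linux kernel. It models the 100-per-second challenge-ACK budget described above to show why sharing one counter across all connections leaks state between them. The class, function and connection names are hypothetical, and the per-connection mode is a constructed contrast rather than the kernel's actual fix.

```python
"""Toy model of RFC 5961 challenge-ACK throttling: one shared budget
versus a separate budget per connection. No network traffic is involved."""
from collections import defaultdict

LIMIT_PER_SECOND = 100  # default limit stated in the article


class ChallengeAckLimiter:
    """Counts challenge ACKs sent during the current one-second window."""

    def __init__(self, limit=LIMIT_PER_SECOND, per_connection=False):
        self.limit = limit
        self.per_connection = per_connection
        self.sent = defaultdict(int)  # budget key -> ACKs sent this window

    def request(self, conn):
        """Return True if a challenge ACK goes out for conn, False if throttled."""
        key = conn if self.per_connection else "global"
        if self.sent[key] >= self.limit:
            return False
        self.sent[key] += 1
        return True

    def new_window(self):
        """Start the next one-second window with a fresh budget."""
        self.sent.clear()


def acks_counted_on_b(limiter, events_on_a):
    """Within one window, connection A consumes `events_on_a` challenge ACKs,
    then connection B requests `limit` of them and counts how many it gets."""
    limiter.new_window()
    for _ in range(events_on_a):
        limiter.request("conn-A")  # constructed label for an unrelated connection
    return sum(limiter.request("conn-B") for _ in range(limiter.limit))


def compare():
    """Map (mode, events on A) -> challenge ACKs counted on B."""
    shared = ChallengeAckLimiter()
    isolated = ChallengeAckLimiter(per_connection=True)
    return {
        ("shared", 0): acks_counted_on_b(shared, 0),
        ("shared", 1): acks_counted_on_b(shared, 1),
        ("isolated", 0): acks_counted_on_b(isolated, 0),
        ("isolated", 1): acks_counted_on_b(isolated, 1),
    }


if __name__ == "__main__":
    for key, count in compare().items():
        print(key, count)
```

With the shared budget, the count on connection B changes when connection A triggers a challenge ACK, which is the cross-connection signal. With isolated budgets, the count stays the same.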