Language Selection

English French German Italian Portuguese Spanish

Security: Updates, Black Hat USA 2018, SegmentSmack

Filed under
Security
  • Security updates for Tuesday
  • Top 10 Talks to See at Black Hat USA 2018
  • Batten down the ports: Linux networking bug SegmentSmack could remotely crash systems

    A networking flaw has been discovered in the Linux kernel that could trigger a remote denial-of-service attack.

    Versions 4.9 and up are "vulnerable to denial-of-service conditions with low rates of specially crafted packets", according to a US CERT ADVISORY. The bug is being tracked as SegmentSmack (CVE-2018-5390).

    SegmentSmack – which sounds a bit like an American wrestler whose speciality is to close bouts just before an ad break – has prompted fixes for a wide variety of networking kit.

  • Ubuntu and Debian Stretch Receive Linux Kernel Security Update to Fix TCP Flaw

    Canonical and Debian Project released new Linux kernel security updates for their supported operating systems to address a critical vulnerability affecting the TCP implementation.

    Discovered and reported by security researcher Juha-Matti Tilli, the security flaw (CVE-2018-5390) could allow a remote attacker to cause a denial of service on affected machines by triggering worst-case code paths in Transmission Control Protocol (TCP) stream reassembly that has low rates using malicious packets.

SegmentSmack Again

  • SegmentSmack Kernel Bug Discovered, Android 9 Pie Now Available, Google's August Security Bulletin for Android, Kernel 4.19 to Get STACKLEAK Feature and GNOME Releases Keysign 0.9.8

    Security researchers have discovered a bug in kernel 4.9 called SegmentSmack. Red Hat comments that "a remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system". There's no known workaround other than a fixed kernel at this time. See also the story on ZDNet for more information.

  • "SegmentSmack" Linux Network Bug Could Lead To Remote Denial of Service

    The latest high profile Linux kernel vulnerability has been dubbed "SegmentSmack" and could result in a remote denial of service attack.

    With the Linux 4.9 and newer, the kernel can be forced to make expensive calls for every incoming network packet that in turn can lead to the denial of service. Any malicious actor would just need to send specially modified packets within ongoing TCP sessions and implies an open port on the system for attacking. Also lessening the likelihood of attack is the need for having a two-way TCP session.

More SegmentSmack

  • ‘SegmentSmack’ – Critical TCP Vulnerability Found In Linux 4.9 Triggers DoS Attack

    Recently, a researcher has discovered a critical TCP vulnerability in the Linux Kernel that could trigger cyber attacks. Precisely, by exploiting this flaw, any potential bad actors could trigger resource exhaustion attacks through an open port. This vulnerability, termed as ‘SegmentSmack’, primarily targets Linux 4.9 and above. Fortunately, Linux developers have released a patch for it.

  • Linux vulnerability could lead to DDoS attacks

    A Linux kernel vulnerability affecting version 4.9 and up could allow an attacker to carry out denial-of-service attacks on a system with an available open port, according to an Aug 6 security advisory from the CERT Coordination Center at Carnegie Mellon University's Software Engineering Institute.

    “Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service,” the report states. “An attacker can induce a denial of service condition by sending specially modified packets within ongoing TCP sessions.”

  • Linux vulnerability could lead to DDoS attacks

    A Linux kernel vulnerability affecting version 4.9 and up could allow an attacker to carry out denial-of-service attacks on a system with an available open port, according to an advisory.

    The CERT Coordination Center at Carnegie Mellon University's Software Engineering Institute said that patches for the vulnerability have been released.

    “Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service,” the advisory states.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Flock 2018 Reports

Kernel: Linux 4.19 and Vega 20 PowerPlay

  • Power Management Updates Land In The Linux 4.19 Kernel
    Intel's Rafael Wysocki has submitted the ACPI and power management updates today for the Linux 4.19 kernel which were subsequently merged by Linus Torvalds.
  • Linux 4.19 Git Contains a lot of Performance Impacting Spectre Mitigation Updates
    Another round of commits regarding anti-Spectre security have landed up in the Linux 4.19 kernel git tree, which may have possible performance impacts for the kernel. While Spectre is still only a somewhat theoretical threat, as its entirely too slow to be used in a serious attack, many folks are taking its future potential quite seriously and arming up against it.
  • Linux 4.19 Kernel to Receive a Ton of Audio Hardware Updates for Improved Linux Sound Capabilities
    Linux audiophiles may have something to rejoice about, as a recent pull request from SUSE’s Takashi Iwai focuses on a plethora of sound subsystem updates for the Linux 4.19 kernel, including a lot of latest hardware support and overall improvements for Linux’s audio capabilities.
  • Updated Vega 20 Open-Source Driver Patches Posted, Including PSP & PowerPlay Support
    Back in May AMD posted initial open-source "Vega 20" patches and support for that yet-to-launch graphics processor was subsequently merged for the Linux 4.18 kernel. More of the Vega 20 AMDGPU kernel driver enablement has now been posted. This latest 69,910 lines of code -- before fretting, most of that is auto-generated header files for the GPU -- notably adds PSP (Platform Security Processor) and SMU (System Management Unit) for Vega 20. With the SMU enablement code, it's also now wired in to enable Vega 20 PowerPlay support as well as related power/clocking-functionality like OverDrive overclocking is also available.

today's howtos

Security: Disclose.io, Adobe, Apple and Instagram

,