Security: Updates, Black Hat USA 2018, SegmentSmack

Filed under
Security
  • Security updates for Tuesday
  • Top 10 Talks to See at Black Hat USA 2018
  • Batten down the ports: Linux networking bug SegmentSmack could remotely crash systems

    A networking flaw has been discovered in the Linux kernel that could trigger a remote denial-of-service attack.

    Versions 4.9 and up are "vulnerable to denial-of-service conditions with low rates of specially crafted packets", according to a US CERT advisory. The bug is being tracked as SegmentSmack (CVE-2018-5390).

    SegmentSmack – which sounds a bit like an American wrestler whose speciality is to close bouts just before an ad break – has prompted fixes for a wide variety of networking kit.

  • Ubuntu and Debian Stretch Receive Linux Kernel Security Update to Fix TCP Flaw

    Canonical and Debian Project released new Linux kernel security updates for their supported operating systems to address a critical vulnerability affecting the TCP implementation.

    Discovered and reported by security researcher Juha-Matti Tilli, the security flaw (CVE-2018-5390) could allow a remote attacker to cause a denial of service on affected machines by triggering worst-case code paths in Transmission Control Protocol (TCP) stream reassembly with low rates of specially crafted packets.

SegmentSmack Again

  • SegmentSmack Kernel Bug Discovered, Android 9 Pie Now Available, Google's August Security Bulletin for Android, Kernel 4.19 to Get STACKLEAK Feature and GNOME Releases Keysign 0.9.8

    Security researchers have discovered a bug in kernel 4.9 and later called SegmentSmack. Red Hat comments that "a remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system". There's no known workaround other than a fixed kernel at this time. See also the story on ZDNet for more information.

  • "SegmentSmack" Linux Network Bug Could Lead To Remote Denial of Service

    The latest high profile Linux kernel vulnerability has been dubbed "SegmentSmack" and could result in a remote denial of service attack.

    With Linux 4.9 and newer, the kernel can be forced to make expensive calls for every incoming network packet, which in turn can lead to a denial of service. A malicious actor would just need to send specially modified packets within an ongoing TCP session, which implies an open port on the system under attack. Also lessening the likelihood of attack is the need for an established two-way TCP session.

More SegmentSmack

  • ‘SegmentSmack’ – Critical TCP Vulnerability Found In Linux 4.9 Triggers DoS Attack

    Recently, a researcher discovered a critical TCP vulnerability in the Linux kernel that could be used to trigger denial-of-service attacks. Precisely, by exploiting this flaw, a bad actor could trigger resource exhaustion through an open port. This vulnerability, termed ‘SegmentSmack’, affects Linux 4.9 and above. Fortunately, Linux developers have released a patch for it.

  • Linux vulnerability could lead to DDoS attacks

    A Linux kernel vulnerability affecting version 4.9 and up could allow an attacker to carry out denial-of-service attacks on a system with an available open port, according to an Aug 6 security advisory from the CERT Coordination Center at Carnegie Mellon University's Software Engineering Institute.

    “Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service,” the report states. “An attacker can induce a denial of service condition by sending specially modified packets within ongoing TCP sessions.”

  • Linux vulnerability could lead to DDoS attacks

    A Linux kernel vulnerability affecting version 4.9 and up could allow an attacker to carry out denial-of-service attacks on a system with an available open port, according to an advisory.

    The CERT Coordination Center at Carnegie Mellon University's Software Engineering Institute said that patches for the vulnerability have been released.

    “Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service,” the advisory states.
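As an added illustration (not code from the kernel or from any of the articles quoted above), the Python model below shows why the CERT/CC and Red Hat descriptions amount to an algorithmic-complexity attack: a receiver that, once its buffer is full, walks the entire out-of-order queue on every arriving segment pays a cost proportional to the queue length per packet, so a slow stream of tiny, non-adjacent segments inside one established session keeps the CPU busy. The "hardened" path models, in simplified form and as this example's own reading of the upstream fix series, two of its countermeasures: skip the collapse walk when merging cannot reclaim memory, and free out-of-order data in batches rather than one segment at a time. OVERHEAD, RCVBUF and BATCH are assumed constants, and the queue operations are a toy abstraction of tcp_collapse_ofo_queue()/tcp_prune_ofo_queue(), not their real logic.

```python
"""Toy cost model of the SegmentSmack pattern (CVE-2018-5390).

Constructed illustration, not kernel code. A receiver keeps out-of-order
(OOO) TCP segments sorted by sequence number; when the charged memory exceeds
the receive buffer it first tries to collapse (coalesce) adjacent segments and
then drops segments from the tail. The attacker never fills the hole at the
start of the stream, so nothing is ever delivered and the queue stays full.
"""
from dataclasses import dataclass

OVERHEAD = 256        # bookkeeping bytes charged per queued segment (assumed)
RCVBUF = 64 * 1024    # receive-buffer limit in bytes (assumed)
BATCH = RCVBUF // 8   # hardened path frees at least this much per prune (assumed)


@dataclass
class Segment:
    seq: int
    length: int

    @property
    def end(self) -> int:
        return self.seq + self.length

    @property
    def truesize(self) -> int:
        return self.length + OVERHEAD


class OooQueue:
    """Out-of-order queue of one connection: sorted by seq, non-overlapping."""

    def __init__(self, hardened: bool) -> None:
        self.hardened = hardened
        self.segs: list[Segment] = []
        self.mem = 0        # bytes charged against RCVBUF
        self.adjacent = 0   # neighbouring pairs a collapse could merge
        self.touched = 0    # segments visited by collapse/prune: the CPU-cost metric

    def receive(self, seq: int, length: int) -> None:
        if self.segs and seq < self.segs[-1].end:
            raise ValueError("model only accepts segments past the last queued one")
        if self.segs and self.segs[-1].end == seq:
            self.adjacent += 1
        seg = Segment(seq, length)
        self.segs.append(seg)
        self.mem += seg.truesize
        if self.mem > RCVBUF:
            self.prune()

    def collapse(self) -> None:
        """Walk the whole queue merging adjacent segments: one step per segment."""
        merged: list[Segment] = []
        for s in self.segs:
            self.touched += 1
            if merged and merged[-1].end == s.seq:
                merged[-1].length += s.length   # coalesced: one bookkeeping block freed
                self.mem -= OVERHEAD
            else:
                merged.append(s)
        self.segs = merged
        self.adjacent = 0

    def prune(self) -> None:
        """Over the limit: collapse, then drop from the tail until under the target."""
        # Vulnerable path always walks the queue; hardened path skips the walk
        # when no two segments are adjacent, because merging would free nothing.
        if not self.hardened or self.adjacent > 0:
            self.collapse()
        if self.mem <= RCVBUF:
            return
        # Vulnerable path drops just enough to get back under RCVBUF, so the very
        # next packet triggers another full prune; hardened path frees a batch.
        target = RCVBUF - BATCH if self.hardened else RCVBUF
        while self.segs and self.mem > target:
            victim = self.segs.pop()
            self.touched += 1
            self.mem -= victim.truesize
            if self.segs and self.segs[-1].end == victim.seq:
                self.adjacent -= 1


def attack(hardened: bool, packets: int = 2000) -> tuple[int, int]:
    """Constructed attack stream: hole at seq 0, then 1-byte segments with 1-byte gaps."""
    q = OooQueue(hardened)
    for i in range(packets):
        q.receive(seq=1 + 2 * i, length=1)
    return q.touched, len(q.segs)


def legit_burst(hardened: bool, packets: int = 40) -> tuple[int, int]:
    """Constructed benign case: one lost segment, then contiguous full-size segments."""
    q = OooQueue(hardened)
    for i in range(packets):
        q.receive(seq=1460 * (i + 1), length=1460)
    return q.touched, len(q.segs)


if __name__ == "__main__":
    for hardened in (False, True):
        touched, left = attack(hardened)
        print(f"hardened={hardened}: {touched} segment visits for 2000 packets, {left} queued")
```

With the constants above the vulnerable queue fills after 255 packets and then spends roughly 257 segment visits on every further packet, while the hardened queue does about one visit per packet on average and still coalesces the benign burst, which is why the articles call this a low-rate attack against an established session rather than a bandwidth flood.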


More in Tux Machines

Themes With Emphasis on GTK/GNOME

  • Stylish Gtk Themes Make Your Linux Desktop Look Stylish
    There are plenty of nice themes available for the Gnome desktop and many of them are in active development. The Stylish theme pack is one of the best-looking packs around; it has been around since 2014 and is constantly evolving. It offers stylish, clean and flat themes for Gtk-3 and Gtk-2, including Gnome Shell themes. The Stylish theme pack is based on the Materia theme and supports almost every desktop environment, such as Gnome, Cinnamon, Mate, Xfce, Budgie, Pantheon, etc. We are offering Stylish themes via our PPA for Ubuntu/Linux Mint. If you are using a distribution other than Ubuntu/Linux Mint, download this pack directly from its page and install it in "~/.themes" or "/usr/share/themes". Since the Stylish theme pack is in active development, if you encounter any kind of bug or issue with it, report it so it can be fixed in the next update.
  • Delft: Another Great Icon Pack In Town Forked From Faenza Icons
    In the past you may have used the Faenza icon theme, or you may still have it set on your desktop. Delft icons are a revived version of Faenza, forked from the Faenza icon theme; maybe it is not right to say 'revived', because it looks a little different from the Faenza theme while at the same time staying close to the original Faenza icons. It is released under the GNU General Public License v3. The theme was named after a Dutch city known for its history and its beauty, and after Faenza in Italy. The author maintaining Delft icons saw that the Faenza icons hadn't been updated for some years and decided to carry on the project. Some icons are adopted from the Obsidian icon theme. The Delft icon pack offers many variants (Delft, Delft-Amber, Delft-Aqua, Delft-Blue, Delft-Dark, Delft-Gray, Delft-Green, Delft-Mint, Delft-Purple, Delft-Red, Delft-Teal), including light and dark versions for light/dark themes; you can choose the appropriate one according to your desktop theme. These icons are compatible with most Linux desktop environments, such as Gnome, Unity, Cinnamon, Mate, Lxde, Xfce and others. Many application icons are available in this icon pack; if you find a missing icon, want something included, or face any kind of bug, report it to the creator.
  • Give Your Desktop A Sweet Outlook With Sweet Themes
    It feels a bit difficult to describe the theme we are introducing here today. The Sweet theme pack looks and feels very different on the desktop, but at the same time it makes the Linux desktop elegant and eye-catching. Maybe these are not the most perfect-looking themes available, but they line up in the queue of near-perfect themes. You may say, "I don't like it in screenshots"; let me tell you that you should install it on your system, and if you don't like it you already have the option to remove it. So there is no harm in trying something new; maybe this is the next best theme pack for your Linux desktop.


Open-source hardware could defend against the next generation of hacking

Imagine you had a secret document you had to store away from prying eyes. And you have a choice: You could buy a safe made by a company that kept the workings of its locks secret. Or you could buy a safe whose manufacturer openly published the designs, letting everyone – including thieves – see how they’re made. Which would you choose? It might seem unexpected, but as an engineering professor, I’d pick the second option. The first one might be safe – but I simply don’t know. I’d have to take the company’s word for it. Maybe it’s a reputable company with a longstanding pedigree of quality, but I’d be betting my information’s security on the company upholding its traditions. By contrast, I can judge the security of the second safe for myself – or ask an expert to evaluate it. I’ll be better informed about how secure my safe is, and therefore more confident that my document is safe inside it. That’s the value of open-source technology. Read more