Language Selection

English French German Italian Portuguese Spanish

Security: Updates, Black Hat USA 2018, SegmentSmack

Filed under
Security
  • Security updates for Tuesday
  • Top 10 Talks to See at Black Hat USA 2018
  • Batten down the ports: Linux networking bug SegmentSmack could remotely crash systems

    A networking flaw has been discovered in the Linux kernel that could trigger a remote denial-of-service attack.

    Versions 4.9 and up are "vulnerable to denial-of-service conditions with low rates of specially crafted packets", according to a US CERT ADVISORY. The bug is being tracked as SegmentSmack (CVE-2018-5390).

    SegmentSmack – which sounds a bit like an American wrestler whose speciality is to close bouts just before an ad break – has prompted fixes for a wide variety of networking kit.

  • Ubuntu and Debian Stretch Receive Linux Kernel Security Update to Fix TCP Flaw

    Canonical and Debian Project released new Linux kernel security updates for their supported operating systems to address a critical vulnerability affecting the TCP implementation.

    Discovered and reported by security researcher Juha-Matti Tilli, the security flaw (CVE-2018-5390) could allow a remote attacker to cause a denial of service on affected machines by triggering worst-case code paths in Transmission Control Protocol (TCP) stream reassembly that has low rates using malicious packets.

SegmentSmack Again

  • SegmentSmack Kernel Bug Discovered, Android 9 Pie Now Available, Google's August Security Bulletin for Android, Kernel 4.19 to Get STACKLEAK Feature and GNOME Releases Keysign 0.9.8

    Security researchers have discovered a bug in kernel 4.9 called SegmentSmack. Red Hat comments that "a remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system". There's no known workaround other than a fixed kernel at this time. See also the story on ZDNet for more information.

  • "SegmentSmack" Linux Network Bug Could Lead To Remote Denial of Service

    The latest high profile Linux kernel vulnerability has been dubbed "SegmentSmack" and could result in a remote denial of service attack.

    With the Linux 4.9 and newer, the kernel can be forced to make expensive calls for every incoming network packet that in turn can lead to the denial of service. Any malicious actor would just need to send specially modified packets within ongoing TCP sessions and implies an open port on the system for attacking. Also lessening the likelihood of attack is the need for having a two-way TCP session.

More SegmentSmack

  • ‘SegmentSmack’ – Critical TCP Vulnerability Found In Linux 4.9 Triggers DoS Attack

    Recently, a researcher has discovered a critical TCP vulnerability in the Linux Kernel that could trigger cyber attacks. Precisely, by exploiting this flaw, any potential bad actors could trigger resource exhaustion attacks through an open port. This vulnerability, termed as ‘SegmentSmack’, primarily targets Linux 4.9 and above. Fortunately, Linux developers have released a patch for it.

  • Linux vulnerability could lead to DDoS attacks

    A Linux kernel vulnerability affecting version 4.9 and up could allow an attacker to carry out denial-of-service attacks on a system with an available open port, according to an Aug 6 security advisory from the CERT Coordination Center at Carnegie Mellon University's Software Engineering Institute.

    “Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service,” the report states. “An attacker can induce a denial of service condition by sending specially modified packets within ongoing TCP sessions.”

  • Linux vulnerability could lead to DDoS attacks

    A Linux kernel vulnerability affecting version 4.9 and up could allow an attacker to carry out denial-of-service attacks on a system with an available open port, according to an advisory.

    The CERT Coordination Center at Carnegie Mellon University's Software Engineering Institute said that patches for the vulnerability have been released.

    “Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service,” the advisory states.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Linux 4.20--rc76

Well, that's more like it. This is a *tiny* rc7, just how I like it. Maybe it's because everybody is too busy prepping for the holidays, and maybe it's because we simply are doing well. Regardless, it's been a quiet week, and I hope the trend continues. The patch looks pretty small too, although it's skewed by a couple of bigger fixes (re-apply i915 workarounds after reset, and dm zoned bio completion fix). Other than that it's mainly all pretty small, and spread out (usual bulk of drivers, but some arch updates, filesystem fixes, core fixes, test updates..) Read more Also: Linux 4.20-rc7 Kernel Released - Linux 4.20 Should Be Released In Time For Christmas

Android Leftovers

1080p Linux Gaming Performance - NVIDIA 415.22 vs. Mesa 19.0-devel RADV/RadeonSI

Stemming from the recent Radeon RX 590 Linux gaming benchmarks were some requests to see more 1080p gaming benchmarks, so here's that article with the low to medium tier graphics cards from the NVIDIA GeForce and AMD Radeon line-up while using the latest graphics drivers on Ubuntu 18.10. This round of benchmarking was done with the GeForce GTX 980, GTX 1060, GTX 1070, and GTX 1070 Ti using the newest 415.22 proprietary graphics driver. On the AMD side was using the patched Linux 4.20 kernel build (for RX 590 support) paired with Mesa 19.0-devel via the Padoka PPA while testing the Radeon RX 580 and RX 590. Read more

Sparky SU 0.1.0

This tool provides Yad based front-end for su (spsu) allowing users to give a password and run graphical commands as root without needing to invoke su in a terminal emulator. It can be used as a Gksu replacement to run any application as root. Read more