New vulnerabilities may let hackers remotely SACK Linux - TechAmok
New vulnerabilities may let hackers remotely SACK Linux - [security]
06:09 PM EDT - Jun,18 2019 - post a comment
The Linux and FreeBSD operating systems contain newly discovered vulnerabilities that make it easy for hackers to remotely crash servers and disrupt communications, researchers have warned. OS distributors are advising users to install patches when available or to make system settings that lower the chances of successful exploits.
The most severe of the vulnerabilities, dubbed SACK Panic, can be exploited by sending a specially crafted sequence of TCP Selective ACKnowledgements to a vulnerable computer or server. The system will respond by crashing, or in the parlance of engineers, entering a kernel panic. Successful exploitation of this vulnerability, tracked as CVE-2019-11477, results in a remote denial of service (DoS).
A second vulnerability also works by sending a series of malicious SACKs that consumes computing resources of the vulnerable system. Exploits most commonly work by fragmenting a queue reserved for retransmitting TCP packets. In some OS versions, attackers can cause what's known as an "expensive linked-list walk for subsequent SACKs." This can result in additional fragmentation, which has been dubbed "SACK slowness." Exploitation of this vulnerability, tracked as CVE-2019-11478, drastically degrades system performance and may eventually cause a complete DoS.
Both of these vulnerabilities exploit the way the OSes handle the above-mentioned TCP Selective ACKnowledgement (abbreviated SACK). SACK is a mechanism that allows a computer on the receiving end of a communication to apprise the sender of what segments have been successfully sent so that any lost ones can be resent. The parties set up the use of SACK during the three-way handshake that establishes the initial connection. The exploits work by overflowing a queue that stores received packets.
A vulnerability in FreeBSD 12 (tracked as CVE-2019-5599) works similarly to CVE-2019-11478 but instead interacts with the RACK send map of that OS.
A fourth vulnerability, tracked as CVE-2019-11479, can slow down affected systems by lowering the maximum segment size for a TCP connection. The setting causes vulnerable systems to send responses across multiple TCP segments, each of which contains only 8 bytes of data. Exploits cause the system to consume large amounts of bandwidth and resources in a way that degrades system performance. Maximum segment size is a setting contained in the header of a TCP packet that specifies the total amount of data contained in a reconstructed segment.
The vulnerabilities were discovered by researchers from Netflix and publicly reported Monday
in a disclosure that was coordinated with the affected OS developers. Linux distributions have either released patches that fix the vulnerabilities or have recommended configuration changes that mitigate them. Workarounds include blocking connections with a low MSS, disabling SACK processing, or temporarily disabling the RACK TCP stack. These changes may break legitimate connections, and in the case of the RACK TCP stack being disabled, an attacker still may be able to cause an expensive linked-list walk for subsequent SACKs received for the same TCP connection.
The above-linked Netflix disclosure and this post from security firm Tenable are good places to get additional details. Affected OS users should consult with the developers of their distribution. Redhat has a good write-up here, and write-ups from Ubuntu and Amazon are here and here.
Short overview of recent news articles
When your brain forecasts your mood (Jun,30 2020 )|
Why Russia Built a Floating Nuclear Power Plant (Jun,30 2020 )
Samsung 980 PRO Clears Korean Regulators, Comes in Three Sizes (Jun,30 2020 )
Qualcomm Refreshes Smartwatch Chips (Jun,30 2020 )
AMD Adrenalin 20.5.1 Beta driver (Jun,28 2020 )
Twitch has Banned Dr. Disrespect (Jun,27 2020 )
Twitch Streamer Alinity Banned After Nip Slip - uncensored video (Jun,27 2020 )
Microsoft Moves to Permanently Close Physical Shops (Jun,27 2020 )
Apple Responds to Your Comments! (Jun,26 2020 )
iOS 14 Will Allow Quick Biometric Login for Web Sites (Jun,26 2020 )
Microsoft Reveals List of Games Optimized For Xbox Series X (Jun,26 2020 )
Cyberpunk 2077 gameplay trailer released (Jun,25 2020 )
NVIDIA GeForce Game Ready 451.48 WHQL Drivers (Jun,24 2020 )
Kill Bill Fire Rope Dart Choreography (Jun,23 2020 )
How Strong is Chemical Metal? Hydraulic Press Test! (Jun,23 2020 )
Betting Online - Do It Right if You Want to Get More (Jun,23 2020 )
iOS 14 Promotes Widgets to Home Screen (Jun,22 2020 )
Painting a Lada with some home-brewed Vantablack paint (Jun,21 2020 )
How to end a fight in 2 seconds (Jun,20 2020 )
Microsoft is pushing out its new Edge browser to Windows 7 and 8.1 (Jun,20 2020 )
Microsoft fixes print spooler issue for the Windows 10 May 2020 (Jun,19 2020 )
Microsoft Extends its ATP Defender Protection to UEFI BIOS (Jun,19 2020 )
Robot Spy Pig Meets Komodo Dragons - It Doesn't End Well! (Jun,18 2020 )
Samsung Galaxy A71 5G Coming to All Major US Carriers (Jun,18 2020 )
Qualcomm Brings 5G and Higher Performance to Snapdragon 6 Series (Jun,18 2020 )
Twitter Starts Rolling out Audio Tweets (Jun,18 2020 )
2020 - Official Movie Trailer (Jun,17 2020 )
Netflix's The Witcher season 2 will not feature multiple timelines (Jun,17 2020 )
Intel Ice Lake CPUs Have a System Crashing Bug (Jun,15 2020 )
Here's A Knife Made By Putting Sand In The Microwave (Jun,14 2020 )
Google Releases Public Beta of Android 11 (Jun,14 2020 )
Google Stadia Now Works With Most Android Phones and Without a (Jun,14 2020 )
Developer Warns VR Headset Damaged Eyesight (Jun,14 2020 )
Get Hitman: Absolution for Free (GOG) (Jun,12 2020 )
EUROVISION SONG CONTEST: The Story Of Fire Saga (Jun,12 2020 )
Samsung 980 Pro PCIe 4.0 SSD Rumored to Launch Within Two Months (Jun,12 2020 )
PS5 hardware revealed (Jun,11 2020 )
Get Ark Survival Evolved for free (Jun,11 2020 )
BILL & TED FACE THE MUSIC Official Trailer #1 (2020) (Jun,10 2020 )
A Hilarious Ad Campaign About Talking To Your Kids About Porn (Jun,10 2020 )
HARRY POTTER Theme but played on my WASHER & DRYER (Jun,10 2020 )
CrossTalk is Another Intel-exclusive Security Vulnerability (Jun,10 2020 )
The Windows 10 May 2020 Update is rolling out to more people today (Jun,10 2020 )
Using the 'shadow-effect' to generate electricity (Jun,10 2020 )
New Mobile Video Service is 100% Interactive (Jun,10 2020 )
Apple to Announce its own Mac Processor at WWDC (Late June) (Jun,09 2020 )
Intel Core i7-10700K 5.1 GHz CPU for $559 (Jun,09 2020 )
Can Wild Parrots Solve Puzzles? (Jun,08 2020 )
Itch.io offers 300+ games for just $5 (Jun,08 2020 )
Twitch is Being Flooded With DMCA Takedown Requests (Jun,08 2020 )
>> News Archive <<