New vulnerabilities found on Linux and FreeBSD devices

Digital forensics services researchers warn that Linux and FreeBSD operating systems contain vulnerabilities that allow hackers to remotely lock servers and disrupt admins’ communications.

Operating system distributors have recommended that users install update patches as soon as they are released or otherwise modify the necessary settings to reduce the risk of exploitation.

According to digital forensics services experts, the most severe of the flaws, known as SACK Panic, can be exploited by mass sending a specially crafted sequence of TCP segments; in response, the targeted system crashes (a state known as kernel panic). A successful attack produces a remote denial of service (DoS) condition.

The second flaw is also triggered by sending malicious TCP sequences, in this case causing high resource consumption on the system. In some versions of the operating system, attackers can cause what is known as an “expensive linked-list walk for subsequent SACKs”, which can result in additional fragmentation.

The two vulnerabilities exploit the way operating systems handle TCP Selective ACKnowledgements (abbreviated as SACK); according to digital forensics services experts, this is a mechanism that allows the receiving computer in a connection to inform the sender of the segments it has successfully received, so that the sender can retransmit the lost segments. Experts also reported a critical vulnerability in FreeBSD 12 that works similarly, but involves the RACK send map in the operating system.

Finally, experts found a flaw that can slow down impacted systems by reducing the maximum segment size (MSS) of a TCP connection. The MSS is a setting carried in the header of a TCP packet that specifies the amount of data contained in a segment.

According to International Institute of Cyber Security (IICS) experts, Linux distributions are about to release patches to fix these bugs; the available measures include blocking connections with low MSS, disabling SACK processing, or temporarily deactivating the TCP RACK stack.
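
As an illustration of where MSS and SACK appear on the wire, the following added example (not part of the original article) parses the options of a raw TCP header and flags SYN segments that advertise a low MSS, the kind of connection a low-MSS block would drop. The 500-byte threshold, the function names and the sample segments are assumptions made for this example.

```python
import struct

LOW_MSS_THRESHOLD = 500  # assumption: cut-off chosen for this example, not from the article

def parse_tcp_options(segment: bytes) -> dict:
    """Extract the SYN flag, MSS value and SACK-permitted option from a raw TCP segment."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    offset_flags = struct.unpack("!H", segment[12:14])[0]
    header_len = (offset_flags >> 12) * 4          # data offset is in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("invalid data offset")
    info = {"syn": bool(offset_flags & 0x002), "mss": None, "sack_permitted": False}
    opts, i = segment[20:header_len], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                              # end of option list
            break
        if kind == 1:                              # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option missing length byte")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):   # reject lengths that would loop or overrun
            raise ValueError("malformed option length")
        if kind == 2 and length == 4:              # Maximum Segment Size
            info["mss"] = struct.unpack("!H", opts[i + 2:i + 4])[0]
        elif kind == 4 and length == 2:            # SACK permitted
            info["sack_permitted"] = True
        i += length
    return info

def is_low_mss_syn(segment: bytes, threshold: int = LOW_MSS_THRESHOLD) -> bool:
    """True for a SYN whose advertised MSS is at or below the threshold."""
    info = parse_tcp_options(segment)
    return info["syn"] and info["mss"] is not None and info["mss"] <= threshold

def build_syn(mss: int, sack: bool) -> bytes:
    """Constructed sample input: a SYN header carrying an MSS option and optional SACK-permitted."""
    opts = struct.pack("!BBH", 2, 4, mss) + (b"\x04\x02\x01\x01" if sack else b"\x01\x01\x01\x01")
    flags = ((20 + len(opts)) // 4 << 12) | 0x002
    return struct.pack("!HHIIHHHH", 40000, 443, 1, 0, flags, 65535, 0, 0) + opts

if __name__ == "__main__":
    for mss, sack in [(1460, True), (48, True), (48, False)]:
        seg = build_syn(mss, sack)
        print(mss, parse_tcp_options(seg)["sack_permitted"], is_low_mss_syn(seg))
```

A SYN with no MSS option is not flagged, because the parser only reports values actually present in the header.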
