漏洞信息
net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments.
An attacker which knows a connections client IP, server IP and server port can abuse the challenge ACK mechanism to determine the accuracy of a normally 'blind' attack on the client or server.
This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4 and 5.
漏洞危害
On successful exploitation it leads to identify hosts communicating over the protocol and ultimately attack that traffic.
解决方案
There are no vendor supplied patches available at this time.
Refer to Redhat advisory CVE-2016-5696
www.0daybank.org
文章评论