Shared challenge ack vulnerability - CVE-2016-5696

The Red Hat Product Security has been made aware of a vulnerability in the Linux kernel that has been assigned CVE-2016-5696 . This issue has been rated as Important .

Background Information

Researchers have discovered a flaw in the Linux kernel’s TCP/IP networking subsystem implementation of the RFC 5961 challenge ACK rate limiting, that could allow an off-path attacker to inject payload into unsecured TCP connections.

Take Action

All Red Hat customers with affected products deployments are recommended to apply mitigations to their systems until the updated kernel packages are available. Recommended mitigations can be found under the Resolve tab.

Acknowledgments

Red Hat would like to thank Yue Cao of the Cyber Security Group in the CS Department of the University of California, Riverside for reporting this issue.

Red Hat Product Security has rated this update as having a security impact of Important .

Impacted Products

The following Red Hat Product versions are impacted, earlier versions are not affected:

• Red Hat Enterprise Linux 6.5 and later
• Red Hat Enterprise Linux 7
• Red Hat Enterprise MRG 2

Attack description and impact

This flaw allows an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two given endpoints on the network.