Ask the Community
Groups
CVE-2016-5696: kernel: challenge ACK counter disclosure - Connect IT Community | Kaseya
<main> <article class="userContent"> <h3 data-id="cve-id"><strong>CVE ID</strong></h3> <p>CVE-2016-5696</p> <h3 data-id="description"><strong>DESCRIPTION</strong></h3> <p>It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two endpoints on the network.<br>Unitrends risk assessment: <b>Low</b> (Attack Complexity= High, Integrity Impact = Low, Availability Impact = Low)<br>The key impact of a successful complex attack would be wrongly terminated TCP connections.</p> <h3 data-id="resolution"><strong>RESOLUTION</strong></h3> <p>For CentOS6, resolved in <u>kernel-2.6.32-642.4.2.el6 </u>in the latest security update<br>For CentOS5, not vulnerable</p> <h3 data-id="link-to-advisories"><strong>LINK TO ADVISORIES</strong></h3> <p></p> <ul><li><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Faccess.redhat.com%2Fsecurity%2Fcve%2Fcve-2016-5696%250D%250Ahttps%3A%2F%2Frhn.redhat.com%2Ferrata%2FRHSA-2016-1664.html%250D%250Ahttps%3A%2F%2Fweb.nvd.nist.gov%2Fview%2Fvuln%2Fdetail%3FvulnId%3DCVE-2016-5696">https://access.redhat.com/security/cve/cve-2016-5696 https://rhn.redhat.com/errata/RHSA-2016-1664.html https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5696</a></li></ul> </article> </main>