Linux kernel maintainers have rolled out security updates for two DoS vulnerabilities tracked as SegmentSmack and FragmentSmack.
Linux kernel maintainers have released security patches that address two vulnerabilities, tracked as two bugs are known as SegmentSmack (CVE-2018-5390) and FragmentSmack (CVE-2018-5391). potentially exploitable to trigger a DoS condition.
The vulnerabilities reside the Linux kernel’s TCP stack, an attacker can exploit them by sending malformed TCP or IP packets to cause the cause a significant resource usage in Linux-based systems.
The saturation of resources on the vulnerable system could lead to their reboot.
An attacker can exploit SegmentSmack issue via a specially crafted stream of TCP segments, while the second vulnerability, FragmentSmack, could be triggered by sending a specially crafted stream of IP datagrams.
The bug for the SegmentSmack resides in the tcp_collapse_ofo_queue() function, while the second issue affects the tcp_prune_ofo_queue() function.
“Juha-Matti Tilli reported that malicious peers could inject tiny packets in out_of_order_queue, forcing very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet.” reads the security advisory.
“With tcp_rmem default of 6MB, the ooo queue could contain ~7000 nodes. “
“Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.” states the description provided by the Mitre.
Devices running Linux kernel 4.9 and later are vulnerable to SegmentSmack, while Linux devices running Linux kernel 3.9 and later are vulnerable to FragmentSmack.
Most popular Linux distros, including Debian, Red Hat, and Ubuntu have already rolled out the security updates.
“The Linux kernel project has released an updated version that includes fixes for both [1, 2]. Companies and open source projects that use the Linux kernel for their custom operating systems will have to update the Linux kernel they use to include these two updates.” reported Bleeping Computer.
“Vendors of Linux-based SOHO routers will probably be slower in incorporating these updates. ISP-grade routers, firewall providers, cloud services, and hosting firms will also have to ship or deploy updates.”
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.