Linux distributions have flagged patches for two bugs in the Linux kernel that could allow remote attackers to trigger a denial of service (DoS) on machine.
Ubuntu, RedHat and other maintainers of Linux operating systems are releasing patches for the the bugs. One is called “FragmentSmack” since the DoS can be triggered by the way the Linux kernel reassembles fragmented Internet Protocol version 4 (IPv4) and IPv6 packets.
The US CERT Coordination Center posted an alert about the security issue, tagged with the ID CVE-2018-5391, and notes the issue affects versions 3.9 and above of the Linux kernel.
The kernel bug allows an attacker to send a low rate of specially crafted IP packet fragments that can trigger excessive RAM consumption that ultimately saturates the CPU and knocks, making the system unavailable.
It’s possible that many network, computer and mobile vendors are affected and follows the recent discovery of another related kernel bug that RedHat called SegmentSmack, which allowed an attacker to cause a DoS using a low rate of TCP packets.
RedHat warned last week that SegmentSmack, in a “worst case scenario”, allowed an attacker stall a vulnerable host or device with less than 2,000 packets per second (2 kpps) of attack traffic, which is considered a low-speed attack.
However, in the case of SegmentSmack the DoS required “continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses.”
RedHat has rated both SegmentSmack and FragmentSmack as “high severity” issues. It has provided a mitigation that based on tests with a 32-core system could neutralize a high-speed attack of around 500 kpps.
A remote attacker could use FragmentSmack to trigger expensive time and calculation operations in the kernel’s fragment reassembly algorithm by sending the specially crafted packets.
A 30 apps attack on a physical system running on a 1.7GHz Intel Xeon CPI with 32 cores, for example, could look like a “complete saturation of a core”, which would stall a system, according to RedHat.
Both Smack attacks stem from the algorithms used in the Linux kernel network stack and all of Red Hat’s, including RedHat Enterprise Linux (RHEL) 6, RHEL 7, RHEL 7 for ARM and IBM POWER, with “moderately new” versions of the Linux kernel versions affected, with the exception of RHEL-5 where maintainers found that only a “high-speed” attack of 1,000 packets per second (1Mpps) could “barely saturate” a single CPU core.
Join the newsletter!
Error: Please check your email address.
>> Source Link