Linux TCP flaw lets 'anyone' hijack Internet traffic

Someone sent me this note about a new problem with the Linux kernel. Looking around, there is lots of information about it but little which confirms when it is actually fixed.

Most articles are copies of each other and all seem to say:
>The problem exists in any operating system running Linux kernel 3.6 or newer. Linux 3.6 was introduced in 2012.
>The vulnerability allows an attacker from anywhere on the Internet to

This is rather confusing because nothing seems to say when this was patched or even if it is? For example, looking at one server, it's running 3.10 which one would assume is long patched.

Anyone know more about this?
projects Asked:
 
Scott Silva (Network Administrator) Commented:
The Red Hat bugzilla doesn't mention a patch being released yet. They will most likely grab the upstream fixes and backport them... That can take a little time with their regression testing... Then after Red Hat releases it, CentOS will... You will have to watch the kernel bug fix listings to see when it finally gets fixed...
0
 
Scott Silva (Network Administrator) Commented:
I would look to the creator of your distro for info on when this might be patched... For instance, Red Hat is only vulnerable in Enterprise 6 and later, and since these are on support, it shouldn't take too long to fix... They say 4 and 5 are OK...

If you use a derivative, it might be a few weeks later.

Other distros should have some mention of it in their bugzilla at a minimum...

I would Google CVE-2016-5696 plus your distro's name for better results...
0
 
projects (Author) Commented:
Darn, I can't edit the question. I meant to include the details.

Centos7
Linux 3.10.0-327.13.1.el7.x86_64 #1 SMP Thu Mar 31 16:04:38 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
0
 
Scott Silva (Network Administrator) Commented:
You can try this until the patches get out in the channel...
https://community.centminmod.com/threads/linux-tcp-flaw-cve-2016-5696-allows-hackers-to-hijack-net-traffic-inject-malware-remotely.8304/

This should keep the hackers at bay for THIS one...
0
 
projects (Author) Commented:
Yes, I know about this temporary fix but that's why I posted the question, to know if I should use it or not since it is not clear if it's been patched by now. There is mention of the problem since kernel x but no mention anywhere if it's been patched since a newer kernel version.
0
 
projects (Author) Commented:
Or, just keep using yum update to see a new update?
I have to assume this is not as crazy as the articles seem to imply; otherwise, would it not be ultra high priority?
0
 
Scott Silva (Network Administrator) Commented:
It does take a bit of specially crafted packets to trigger it... I don't think it is a script kiddie project...
0
 
Scott Silva (Network Administrator) Commented:
The kernel.org team has been releasing patches to the current kernel... It shouldn't be too long until the backports get done... It seems to be a fairly straightforward patch...
1
 
projects (Author) Commented:
Thanks for the update Scott.
0
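
One way to answer the question asked in this thread on an RPM-based host such as the CentOS 7 machine above, as an added example that is not part of any post: because distributions backport fixes without changing the base version, it looks for the CVE id in the changelog of the running kernel's package instead of comparing version numbers, then checks whether the temporary workaround is active. It assumes the workaround is the commonly published one of raising the `net.ipv4.tcp_challenge_ack_limit` sysctl, which this page does not spell out; the threshold and the function names are chosen for the example.

```shell
#!/bin/sh
# Added example (not from the thread): triage one host for CVE-2016-5696.
CVE="CVE-2016-5696"
# Assumption for this example: a limit at or above this value counts as the
# workaround being applied (affected kernels ship with a default of 100).
MIN_RAISED_LIMIT=1000000

# classify CHANGELOG_TEXT LIMIT
#   prints: patched | mitigated | exposed | unknown
#   LIMIT is the value of net.ipv4.tcp_challenge_ack_limit, or "" when the
#   kernel does not expose that sysctl.
classify() {
    # A changelog entry naming the CVE means the fix was backported.
    if printf '%s\n' "$1" | grep -qF "$CVE"; then
        echo patched
        return 0
    fi
    case "$2" in
        ''|*[!0-9]*)
            # No sysctl, or a value that is not a plain number: cannot judge.
            echo unknown ;;
        *)
            if [ "$2" -ge "$MIN_RAISED_LIMIT" ]; then
                echo mitigated      # not patched, but workaround is in place
            else
                echo exposed        # not patched, limit still low
            fi ;;
    esac
}

# Collect both inputs from the live host and print a one-line verdict.
check_host() {
    running="$(uname -r)"
    # Query the package of the *running* kernel: a newer fixed kernel may be
    # installed but not yet booted.
    changelog="$(rpm -q --changelog "kernel-$running" 2>/dev/null || true)"
    limit="$(cat /proc/sys/net/ipv4/tcp_challenge_ack_limit 2>/dev/null || true)"
    echo "$running: $(classify "$changelog" "$limit")"
}

check_host
```

A result of `patched` after `yum update` but before a reboot cannot occur here, since the query is tied to `uname -r`; rerun the script after rebooting into the new kernel.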
Question has a verified solution.