Lucene search

K
archlinuxArch LinuxASA-201608-15
HistoryAug 17, 2016 - 12:00 a.m.

linux-zen: information disclosure

2016-08-1700:00:00
Arch Linux
lists.archlinux.org
31

0.004 Low

EPSS

Percentile

75.1%

A security issue has been found in the Linux kernel’s implementation of
challenge ACKs as specified in RFC 5961. An attacker which knows a
connection’s client IP, server IP and server port can abuse the
challenge ACK mechanism to determine the accuracy of a normally ‘blind’
attack on the client or server.

Successful exploitation of this flaw could allow a remote attacker to
inject or control a TCP stream contents in a connection between a Linux
device and its connected client/server.

OSVersionArchitecturePackageVersionFilename
anyanyanylinux-zen< 4.7-1UNKNOWN