Lucene search

Veracode Vulnerability DatabaseVERACODE:12138

HistoryJan 15, 2019 - 9:12 a.m.

TCP Session Hijack

2019-01-1509:12:58

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

JSON

kernel-rt is vulnerable to TCP session hijack attacks. The vulnerability exists as net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.

CPENameOperatorVersion
kernel-rteq3.10.0__229.rt56.162.el6rt
kernel-rteq3.0.36__rt57.66.el6rt
kernel-rteq3.10.0__229.rt56.153.el6rt
kernel-rteq3.0.9__rt26.46.el6rt
kernel-rteq3.8.13__rt14.20.el6rt
kernel-rteq3.0.9__rt26.45.el6rt
kernel-rteq3.10.0__229.rt56.158.el6rt
kernel-rteq3.10.0__327.rt56.176.el6rt
kernel-rteq3.6.11__rt28.20.el6rt
kernel-rteq3.0.30__rt50.62.el6rt

Name	Operator	Version
kernel-rt	eq	3.10.0__229.rt56.162.el6rt
kernel-rt	eq	3.0.36__rt57.66.el6rt
kernel-rt	eq	3.10.0__229.rt56.153.el6rt
kernel-rt	eq	3.0.9__rt26.46.el6rt
kernel-rt	eq	3.8.13__rt14.20.el6rt
kernel-rt	eq	3.0.9__rt26.45.el6rt
kernel-rt	eq	3.10.0__229.rt56.158.el6rt
kernel-rt	eq	3.10.0__327.rt56.176.el6rt
kernel-rt	eq	3.6.11__rt28.20.el6rt
kernel-rt	eq	3.0.30__rt50.62.el6rt

Rows per page:

1-10 of 701

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758

rhn.redhat.com/errata/RHSA-2016-1631.html

rhn.redhat.com/errata/RHSA-2016-1632.html

rhn.redhat.com/errata/RHSA-2016-1633.html

rhn.redhat.com/errata/RHSA-2016-1657.html

rhn.redhat.com/errata/RHSA-2016-1664.html

rhn.redhat.com/errata/RHSA-2016-1814.html

rhn.redhat.com/errata/RHSA-2016-1815.html

rhn.redhat.com/errata/RHSA-2016-1939.html

source.android.com/security/bulletin/2016-10-01.html

www.openwall.com/lists/oss-security/2016/07/12/2

www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

www.prnewswire.com/news-releases/mitnick-attack-reappears-at-geekpwn-macau-contest-300270779.html

www.securityfocus.com/bid/91704

www.securitytracker.com/id/1036625

www.ubuntu.com/usn/USN-3070-1

www.ubuntu.com/usn/USN-3070-2

www.ubuntu.com/usn/USN-3070-3

www.ubuntu.com/usn/USN-3070-4

www.ubuntu.com/usn/USN-3071-1

www.ubuntu.com/usn/USN-3071-2

www.ubuntu.com/usn/USN-3072-1

www.ubuntu.com/usn/USN-3072-2

access.redhat.com/security/updates/classification/#important

bto.bluecoat.com/security-advisory/sa131

bugzilla.redhat.com/show_bug.cgi?id=1354708

github.com/Gnoxter/mountain_goat

github.com/torvalds/linux/commit/75ff39ccc1bd5d3c455b6822ab09e533c551f758

kc.mcafee.com/corporate/index?page=content&id=SB10167

rhn.redhat.com/errata/RHSA-2016-1631.html

security.paloaltonetworks.com/CVE-2016-5696

www.arista.com/en/support/advisories-notices/security-advisories/1461-security-advisory-23

www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_cao.pdf

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

JSON

TCP Session Hijack

References

Related