[ubuntu-hardened] CVE-2016-5696: Linux kernel tcp stack implementation (off-path blind TCP session attack).
daniel curtis
sidetripping at gmail.com
Sat Aug 13 13:19:29 UTC 2016
Hello.
There is a vulnerability in the Linux kernel's TCP stack implementation
(kernel versions 3.6 to 4.6) [1]. Since no patch is available yet, users
can use sysctl to set the challenge ACK limit.
It seems that Linux kernel (ver. 4.7) resolves this vulnerability by
randomizing the maximum number of challenge ACKs sent per second and enforcing
the per-socket challenge ACK limits etc.
So, I would like to ask a question: can I change 'tcp_challenge_ack_limit'
from a default value: '100' (available in 12.04 LTS release) to e.g.
'1000'?
For more information see also: [2] and [3].
Best regards.
_____________
[1] https://blogs.akamai.com/2016/08/vulnerability-in-the-linux-kernels-tcp-stack-implementation.html
[2] https://lists.debian.org/debian-security/2016/08/msg00035.html
[3] https://security-tracker.debian.org/tracker/CVE-2016-5696
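Added example, not part of the original message: a small audit script that checks whether the running kernel falls in the 3.6 to 4.6 range named in the post and reports the current `net.ipv4.tcp_challenge_ack_limit`. The function names and verdict strings are hypothetical; the affected range and the default of 100 are taken from the post, and "raised" only means the value is above that default, not that it is sufficient.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumptions: affected range is upstream 3.6-4.6 and the default limit is 100,
# both as stated in the post. Distro kernels carrying a backported fix are
# still reported as in range, so confirm against the distro's security tracker.

DEFAULT_LIMIT=100
LIMIT_FILE=/proc/sys/net/ipv4/tcp_challenge_ack_limit

# Return 0 if a `uname -r` style string is in 3.6..4.6, 1 if not, 2 if unparsable.
kernel_in_affected_range() {
    rel=${1%%-*}            # strip distro suffix such as "-93-generic"
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in ''|*[!0-9]*) return 2 ;; esac
    if [ "$major" -eq 3 ] && [ "$minor" -ge 6 ]; then return 0; fi
    if [ "$major" -eq 4 ] && [ "$minor" -le 6 ]; then return 0; fi
    return 1
}

# Print a one-word verdict for a kernel release and a challenge ACK limit value.
assess() {
    release=$1
    limit=$2
    rc=0
    kernel_in_affected_range "$release" || rc=$?
    if [ "$rc" -eq 2 ]; then echo unknown-kernel; return 0; fi
    if [ "$rc" -eq 1 ]; then echo outside-range; return 0; fi
    case "$limit" in ''|*[!0-9]*) echo in-range-limit-unreadable; return 0 ;; esac
    if [ "$limit" -gt "$DEFAULT_LIMIT" ]; then
        echo in-range-limit-raised
    else
        echo in-range-limit-default
    fi
}

# Audit the running host. The value is changed at runtime with
#   sysctl -w net.ipv4.tcp_challenge_ack_limit=<value>
# and kept across reboots with the same key in /etc/sysctl.conf.
audit_host() {
    limit=$(cat "$LIMIT_FILE" 2>/dev/null || true)
    printf '%s limit=%s verdict=%s\n' "$(uname -r)" "${limit:-n/a}" \
        "$(assess "$(uname -r)" "$limit")"
}

audit_host
```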