| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200325082611.1cb94f97@hermes.lan>
Date: Wed, 25 Mar 2020 08:26:11 -0700
From: Stephen Hemminger <stephen@...workplumber.org>
To: netdev@...r.kernel.org
Subject: Fw: [Bug 206945] New: downgrading IPID assignment for TCP datagrams
Begin forwarded message:
Date: Wed, 25 Mar 2020 08:49:38 +0000
From: bugzilla-daemon@...zilla.kernel.org
To: stephen@...workplumber.org
Subject: [Bug 206945] New: downgrading IPID assignment for TCP datagrams
https://bugzilla.kernel.org/show_bug.cgi?id=206945
Bug ID: 206945
Summary: downgrading IPID assignment for TCP datagrams
Product: Networking
Version: 2.5
Kernel Version: since kernel 3.9
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: high
Priority: P1
Component: IPV4
Assignee: stephen@...workplumber.org
Reporter: fengxw18@...ls.tsinghua.edu.cn
Regression: No
Through sending a forged ICMP "Fragmentation Needed" message to the Linux host,
an off-path attacker can clear the DF (Don't Fragment) flag in IP header, thus
downgrading the IPID assignment for TCP datagrams from the more secure
per-socket
based counter to hash based counter (since kernel version 3.9). Then the
attacker
can detect a shared IPID counter via hash collisions, which forms a
side-channel.
By observing the side channel, the attacker can hijack TCP connections on
the vulnerable Linux host completely off-path.
--
You are receiving this mail because:
You are the assignee for the bug.
Powered by blists - more mailing lists