What Do I Need To Know about "SegmentSmack" - SANS Internet Storm Center

What Do I Need To Know about "SegmentSmack"
"SegmentSmack" is yet another branded vulnerability, also known as CVE-2018–5390. It hit the "news" yesterday. Succesful exploitation may lead to a denial of service against a targeted system. At this point, not a lot is known about this vulnerability. But here are some highlights: Linux Kernel 4.9 is vulnerable. Older versions are not vulnerable. However, some Linux distributions like RedHat ES 6 and 7 include the vulnerable code as they backported some of the 4.9 networking code into their kernels An attacker should not be able to exploit this vulnerability using a spoofed IP address. The attacker needs to first establish a TCP connection which is very difficult with a spoofed address. It is not known how much traffic the attacker will have to send. But likely not more than a user would send in a normal TCP connection. The attack can be launched against any exposed TCP service (Web, Mail, DNS...) The vulnerable functions, tcp_collapse_ofo_queue() and tcp_prune_ofo_queue(), are used to deal with reassembling TCP segments. This likely implies that an exploit would use many out of order or otherwise abnormal packets. But this is just a guess at this point. If you are vulnerable, your best bet is to update. There is likely not much else you can do (e.g. firewall rules) You can find more details here: https://www.kb.cert.org/vuls/id/962459 --- Johannes B. Ullrich, Ph.D., Dean of Research, SANS Technology Institute Twitter\| Defending Web Applications Security Essentials - SANS Amsterdam September 2018	Johannes 3321 Posts ISC Handler
Reply Subscribe	Aug 8th 2018 1 week ago
The same vulnerability is also in FreeBSD and potentially other OSs also. https://www.freebsd.org/security/advisories/FreeBSD-SA-18:08.tcp.asc	Anonymous
Reply Quote	Aug 8th 2018 1 week ago
Could Windows OSs have this vulnerability or is this one contained to Linux?	Henderson 1 Posts
Reply Quote	Aug 10th 2018 1 week ago