What Do I Need To Know about "SegmentSmack"

What Do I Need To Know about "SegmentSmack"
"SegmentSmack" is yet another branded vulnerability, also known as CVE-2018–5390. It hit the "news" yesterday. Succesful exploitation may lead to a denial of service against a targeted system. At this point, not a lot is known about this vulnerability. But here are some highlights: Linux Kernel 4.9 is vulnerable. Older versions are not vulnerable. However, some Linux distributions like RedHat ES 6 and 7 include the vulnerable code as they backported some of the 4.9 networking code into their kernels An attacker should not be able to exploit this vulnerability using a spoofed IP address. The attacker needs to first establish a TCP connection which is very difficult with a spoofed address. It is not known how much traffic the attacker will have to send. But likely not more than a user would send in a normal TCP connection. The attack can be launched against any exposed TCP service (Web, Mail, DNS...) The vulnerable functions, tcp_collapse_ofo_queue() and tcp_prune_ofo_queue(), are used to deal with reassembling TCP segments. This likely implies that an exploit would use many out of order or otherwise abnormal packets. But this is just a guess at this point. If you are vulnerable, your best bet is to update. There is likely not much else you can do (e.g. firewall rules) You can find more details here: https://www.kb.cert.org/vuls/id/962459 --- Johannes B. Ullrich, Ph.D., Dean of Research, SANS Technology Institute Twitter\|	Johannes 3910 Posts ISC Handler Aug 8th 2018
Subscribe	Aug 8th 2018 1 year ago
The same vulnerability is also in FreeBSD and potentially other OSs also. https://www.freebsd.org/security/advisories/FreeBSD-SA-18:08.tcp.asc	Anonymous
Quote	Aug 8th 2018 1 year ago
Could Windows OSs have this vulnerability or is this one contained to Linux?	Henderson 1 Posts
Quote	Aug 10th 2018 1 year ago
Is it possible to detect Segment and/or Fragment Smack using Snort?	Anonymous
Quote	Aug 28th 2018 1 year ago