Vulnerability found in Linux’s TCP stack

Linux desktop and server users are advised to upgrade to the latest version after the USENIX Security Symposium was told this week of a weakness in the Transmission Control Protocol (TCP) implementation of all versions of the operating system released since late 2012 that enables attackers to remotely hijack users’ Internet communications.

The vulnerability, (CVE-2016-5696), was found by researchers at the University of California at Riverside and detailed in a paper available here.

“The unique aspect of the attack we demonstrated is the very low requirement to be able to carry it out. Essentially, it can be done easily by anyone in the world where an attack machine is in a network that allows IP spoofing. The only piece of information that is needed is the pair of IP addresses (for victim client and server), which is fairly easy to obtain,” project advisor Zhiyun Qian, an assistant professor of computer science at UCR, said in a statement.

Researchers found a subtle flaw (in the form of ‘side channels’) in Linux that enables attackers to infer the TCP sequence numbers associated with a particular connection with no more information than the IP address of the communicating parties, the university said.

An attacker would be able to track users’ online activity, terminate connections with others and inject false material into their communications. Encrypted connections (e.g., HTTPS) are immune to data injection, but they are still subject to being forcefully terminated by the attacker. The weakness would allow attackers to degrade the privacy of anonymity networks, such as Tor, by forcing the connections to route through certain relays, the university said.

The researchers said the attack is fast and reliable, often taking less than a minute and showing a success rate of about 90 per cent.

The problem has been patched in Linux versions that have the 4.7 kernel. Administrators who can’t update quickly can work around the problem by raising the ‘challenge ACK limit’ to an extremely large value, which makes it practically impossible to exploit the side channel. On Ubuntu, for instance, this can be done by opening /etc/sysctl.conf, appending the line “net.ipv4.tcp_challenge_ack_limit = 999999999”, and then running “sysctl -p” to apply the configuration.
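The following is an added example, not code from the article or from the UCR researchers: a small POSIX shell audit that reports whether a host is on a kernel the article describes as fixed (4.7 or later), has the workaround applied (the challenge ACK limit raised far above the old default), or is still exposed. The threshold of 100000000 for counting the limit as hardened is an assumption chosen to accept the article's suggested 999999999; the function names and the `--live` flag are also assumptions. Vendor kernels often backport security fixes, so a version check alone is a heuristic and the sysctl value is the more reliable signal.

```shell
#!/bin/sh
# Added example: audit a host for the CVE-2016-5696 fix or workaround.
# Not part of the article; thresholds and names are assumptions.

# is_patched_kernel MAJOR.MINOR[...] -> success if kernel is 4.7 or newer
# (the version the article names as carrying the fix).
is_patched_kernel() {
  major=${1%%.*}
  rest=${1#*.}
  minor=${rest%%.*}
  if [ "$major" -gt 4 ] 2>/dev/null; then
    return 0
  fi
  if [ "$major" -eq 4 ] 2>/dev/null && [ "$minor" -ge 7 ] 2>/dev/null; then
    return 0
  fi
  return 1
}

# limit_is_hardened VALUE -> success if tcp_challenge_ack_limit has been raised
# far above the old default (threshold is an assumption; the article's
# suggested 999999999 clears it, the historical default of 100 does not).
limit_is_hardened() {
  [ "$1" -ge 100000000 ] 2>/dev/null
}

# assess KERNEL_VERSION ACK_LIMIT -> prints patched, mitigated or vulnerable
assess() {
  if is_patched_kernel "$1"; then
    echo patched
  elif limit_is_hardened "$2"; then
    echo mitigated
  else
    echo vulnerable
  fi
}

# Live mode reads the running kernel and the current sysctl value.
# Usage: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
  kver=$(uname -r)
  limit=$(sysctl -n net.ipv4.tcp_challenge_ack_limit 2>/dev/null || echo 0)
  state=$(assess "$kver" "$limit")
  echo "kernel $kver, net.ipv4.tcp_challenge_ack_limit=$limit: $state"
  if [ "$state" = vulnerable ]; then
    echo "workaround from the article: append" \
         "'net.ipv4.tcp_challenge_ack_limit = 999999999' to /etc/sysctl.conf" \
         "and run 'sysctl -p'; upgrade to a 4.7 or patched vendor kernel when possible"
  fi
fi
```

The `assess` function takes its inputs as arguments so it can be checked against known cases (for example `assess 4.4.0-87-generic 100` prints `vulnerable`, and `assess 4.4.0-87-generic 999999999` prints `mitigated`) without touching the live system; only the `--live` branch calls `uname` and `sysctl`.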


Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]
