Linux TCP Flaw Fix
For those who want to know all the details, here is the paper which explains how this RFC 5961 flaw can be exploited:
http://www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf
The fix itself:
net.ipv4.tcp_challenge_ack_limit = 999999999
which is appended to the /etc/sysctl.conf file using a text editor
and applied with
sysctl -p
Most importantly, a command to show whether your Linux OS is patched already (I had to trawl quite a bit to find this): https://community.centminmod.com/threads/linux-tcp-flaw-cve-2016-5696-allows-hackers-to-hijack-net-traffic-inject-malware-remotely.8304/
sysctl -a | grep ack_limit
net.ipv4.tcp_challenge_ack_limit = 100
As you can see from the output above, it was set to 100 on my desktop running Ubuntu 14.04 with all the updates as of 18/08/16. The default ack limit of 100 is what's used to create the exploit.
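As an added example (not code from the original post), here is a small POSIX shell script that does the check and the fix described above in a repeatable way: it reads the live limit from /proc/sys (the same value that sysctl -a | grep ack_limit prints), classifies it against the default of 100 the post mentions, and writes the setting into a sysctl.conf-style file without producing duplicate lines when run twice. The function and variable names are my own; the value 999999999 and the /etc/sysctl.conf path are the ones the post uses, and the conf-editing function takes the file path as an argument so it can be tried on a scratch copy before touching the real file.

```shell
#!/bin/sh
# Added example, not part of the original post. Checks the challenge-ACK
# limit (CVE-2016-5696 workaround) and persists the raised value idempotently.

ACK_KEY="net.ipv4.tcp_challenge_ack_limit"
ACK_PROC="/proc/sys/net/ipv4/tcp_challenge_ack_limit"
TARGET_VALUE=999999999   # value used in the post
WEAK_VALUE=100           # kernel default shown in the post

# Read the live value; equivalent to `sysctl -n net.ipv4.tcp_challenge_ack_limit`.
# Prints nothing on a host without the file (non-Linux, or no such sysctl).
read_ack_limit() {
    if [ -r "$ACK_PROC" ]; then
        cat "$ACK_PROC"
    fi
}

# Classify a limit value: "weak" for the default (or lower), "raised" when the
# workaround or anything larger is in place, "unknown" for non-numeric input.
# Exit status mirrors the result so it can be used in `if`.
classify_ack_limit() {
    case "$1" in
        ''|*[!0-9]*) echo unknown; return 2 ;;
    esac
    if [ "$1" -le "$WEAK_VALUE" ]; then
        echo weak
        return 1
    fi
    echo raised
    return 0
}

# Persist the setting in a sysctl.conf-style file: any existing assignment of
# the key (commented out or not) is removed, then a single fresh line is
# appended, so running this twice never leaves duplicates behind.
set_ack_limit_in_conf() {
    conf="$1"
    value="${2:-$TARGET_VALUE}"
    [ -f "$conf" ] || : > "$conf"
    tmp="$conf.tmp.$$"
    # Escape the dots in the key so grep treats them literally.
    key_re=$(printf '%s' "$ACK_KEY" | sed 's/\./\\./g')
    grep -v "^[[:space:]]*#*[[:space:]]*${key_re}[[:space:]]*=" "$conf" > "$tmp" || true
    printf '%s = %s\n' "$ACK_KEY" "$value" >> "$tmp"
    mv "$tmp" "$conf"
}

# Apply the raised limit to the running kernel (same effect as `sysctl -p`
# after editing /etc/sysctl.conf). Needs root.
apply_ack_limit_now() {
    sysctl -w "$ACK_KEY=$TARGET_VALUE"
}

# Print the host's current value and its classification.
report_host() {
    limit=$(read_ack_limit)
    status=$(classify_ack_limit "$limit") || true
    printf '%s = %s (%s)\n' "$ACK_KEY" "${limit:-n/a}" "$status"
}

report_host
# Typical use on a real host, as root:
#   set_ack_limit_in_conf /etc/sysctl.conf && apply_ack_limit_now
```

One caveat on reading the output: the upstream kernel fix for this CVE (merged in July 2016 and backported by distributions) randomised the per-second challenge-ACK budget while leaving the sysctl default at 100, so a fully patched kernel can still report 100. Raising the limit as the post does removes the shared counter as a usable side channel and is a sound workaround on an unpatched kernel, but the sysctl value alone does not prove whether the kernel patch is present; check your distribution's security advisory for the kernel version as well.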