A flaw was found in the implementation of the Linux kernel's handling of networking challenge ack where an attacker is able to determine the shared counter. This may allow an attacker located on a different subnet to inject or take over a TCP connection between a server and client without having to be a traditional Man In the Middle (MITM) style attack.
OSS-Security post: http://seclists.org/oss-sec/2016/q3/44
Upstream patch: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1355615]
Statement: This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4 and 5.
Acknowledgements: Name: Yue Cao (Cyber Security Group of the CS department of University of California in Riverside)
Here's v2 of the patch (which is the version which was merged into the network tree): https://www.mail-archive.com/netdev@vger.kernel.org/msg118824.html
kernel-4.6.4-201.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
kernel-4.6.4-301.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
External References: http://lwn.net/Articles/696868/
In the changelog to kernel-core-4.6.5-301.fc24 (and subsequent kernels) it has:
> * Tue Jul 12 2016 Josh Boyer <xxxxxxxxxxxxxxxxxxxxxxxx> - 4.6.4-301
> - CVE-2016-5389 CVE-2016-5969 tcp challenge ack info leak (rhbz 1354708 1355615)
Can you confirm whether "CVE-2016-5969" is in fact a typo for "CVE-2016-5696"? Thanks!
(In reply to Steve Bryant from comment #24)
> In the changelog to kernel-core-4.6.5-301.fc24 (and subsequent kernels) it
> has:
>
> > * Tue Jul 12 2016 Josh Boyer <xxxxxxxxxxxxxxxxxxxxxxxx> - 4.6.4-301
> > - CVE-2016-5389 CVE-2016-5969 tcp challenge ack info leak (rhbz 1354708 1355615)
>
> Can you confirm whether "CVE-2016-5969" is in fact a typo for
> "CVE-2016-5696"?
Indeed, it is a typo.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2016:1632 https://rhn.redhat.com/errata/RHSA-2016-1632.html
This issue has been addressed in the following products:
MRG for RHEL-6 v.2
Via RHSA-2016:1631 https://rhn.redhat.com/errata/RHSA-2016-1631.html
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2016:1633 https://rhn.redhat.com/errata/RHSA-2016-1633.html
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7.1 Extended Update Support
Via RHSA-2016:1657 https://rhn.redhat.com/errata/RHSA-2016-1657.html
Hi, is there an ETA, or a plan at all, to backport the fixes to EL6? Thanks
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2016:1664 https://rhn.redhat.com/errata/RHSA-2016-1664.html
When I take an interim action, what should the number of challenge ACKs be?
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6.5 Advanced Update Support
Via RHSA-2016:1814 https://rhn.redhat.com/errata/RHSA-2016-1814.html
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6.7 Extended Update Support
Via RHSA-2016:1815 https://rhn.redhat.com/errata/RHSA-2016-1815.html
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6.6 Extended Update Support
Via RHSA-2016:1939 https://rhn.redhat.com/errata/RHSA-2016-1939.html