Linux Kernel TCP sequence digital generation Security Vulnerability

Release date:
Updated on:

Affected Systems:
Linux kernel 2.6.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 49289
Cve id: CVE-2011-3188

Linux Kernel is the Kernel of the Linux operating system.

Linux Kernel has a security vulnerability in the implementation of TCP sequence array generation. Remote attackers can exploit this vulnerability to inject arbitrary packets to TCP sessions and perform unauthorized operations. By injecting SYN or RST packets to a TCP session, a Denial-of-Service (DoS) occurs and the established connection is terminated. Other attacks, such as man-in-the-middle attacks, may also occur.

<* Source: Dan Kaminsky

Link: http://lwn.net/Articles/455135/
Http://git.kernel.org /? P = linux/kernel/git/torvalds/linux-2.6.git; a = commitdiff; h = bc0b96b54a21246e377122d54569eef71cec535f
Http://git.kernel.org /? P = linux/kernel/git/torvalds/linux-2.6.git; a = commitdiff; h = 6e5714eaf77d79ae1c8b47e3e040ff5411b717ec
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Linux
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://www.kernel.org/