PSIRT

Linux kernel - challange ack information leak

Summary

net/ipv4/tcp_input.c in certain Linux kernel versions does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.

Affected Products

FortiOS versions

<ul>
<li>5.2.8 and below</li>

&lt;li&gt;5.4.0 &amp; 5.4.1&lt;/li&gt;

</ul>
FortiAnalyzer versions 5.4.0 & 5.4.1

Solutions

For FortiOS, upgrade to versions

5.2.9 or
5.4.2 or
5.6.0 or
5.4.2 or
upcoming 5.6.0

References

https://nvd.nist.gov/vuln/detail/CVE-2016-5696

IR Number	FG-IR-16-047
Published Date	Apr 4, 2017
Severity	Medium
Discovered	Third-Party Library
Attack Type	Unauthenticated
Known Exploited	No
CVSSv3 Score	0
Impact	Information disclosure
CVE ID
Download	CVRF

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

PSIRT

Linux kernel - challange ack information leak

Summary

Affected Products

Solutions

References

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

PSIRT

Linux kernel - challange ack information leak

Summary

Affected Products

Solutions

References

Threat Intelligence
Center