*** This bug is a security vulnerability ***

Public security bug reported:

Description

net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack.

Ubuntu-Description

Yue Cao et al. discovered a flaw in the TCP implementation's handling of challenge ACKs in the Linux kernel. A remote attacker could use this to cause a denial of service (reset connection) or inject content into a TCP stream.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5696
https://www.mail-archive.com/netdev@vger.kernel.org/msg118677.html
http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758
https://lwn.net/Articles/696868/

** Affects: linux-lts-trusty (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1615835

Title:
  CVE-2016-5696