CVE-2018-5391: CERT/CC Vulnerability Note VU#641765
Overview
The IP implementation in the Linux kernel, versions 3.9+, is vulnerable to denial of service conditions with low rates of specially modified packets.
Description
CWE-400: Uncontrolled Resource Consumption (‘Resource Exhaustion’) - CVE-2018-5391
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly.
An attacker may cause a denial of service condition by sending specially crafted IP fragments.
Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.
Impact
An attacker may be able to trigger a denial-of-service condition against the system.
Solution
Apply a patch
Patches are available from OS vendors to address the vulnerability.
If you are unable to apply a patch, see the following mitigations:
Modify Default Configurations
Change the (default) values of net.ipv4/ipv6.ipfrag_high_thresh and net.ipv4/ipv6.ipfrag_low_thresh back to 256 kB and 192 kB (respectively) or below.
Example:
sysctl -w net.ipv4.ipfrag_low_thresh=196608
sysctl -w net.ipv4.ipfrag_high_thresh=262144
sysctl -w net.ipv6.ip6frag_low_thresh=196608
sysctl -w net.ipv6.ip6frag_high_thresh=262144
Update:
Further testing shows that these mitigations are not a 100% fix. A significantly strong attack will still result in a denial of service condition.
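An added example, not part of the CERT/CC note: a shell function that audits the four sysctls from the example above against the 256 kB / 192 kB limits and prints the corrective command for each value that exceeds them. The optional root-directory argument is an assumption of this example, so the check can run against a copied or constructed tree instead of the live /proc/sys.

```shell
#!/bin/sh
# Added example: audit IP fragment reassembly thresholds against the limits
# given in this note (high <= 262144 bytes, low <= 196608 bytes).

# check_frag_thresh [PROC_SYS_ROOT]
# PROC_SYS_ROOT defaults to /proc/sys (the parameter is this example's
# assumption). Prints one line per sysctl. Returns 0 when every value that is
# present is within its limit, 1 when any value exceeds it or is malformed.
check_frag_thresh() {
    root="${1:-/proc/sys}"
    rc=0
    # Each entry: path relative to the root, then the maximum from the note.
    for entry in \
        "net/ipv4/ipfrag_high_thresh:262144" \
        "net/ipv4/ipfrag_low_thresh:196608" \
        "net/ipv6/ip6frag_high_thresh:262144" \
        "net/ipv6/ip6frag_low_thresh:196608"
    do
        path="${entry%%:*}"
        limit="${entry##*:}"
        name=$(printf '%s' "$path" | tr '/' '.')
        file="$root/$path"
        if [ ! -r "$file" ]; then
            # For instance, IPv6 is not loaded on this host.
            echo "SKIP $name (not present)"
            continue
        fi
        value=$(cat "$file")
        case "$value" in
            ''|*[!0-9]*)
                echo "ERROR $name has a non-numeric value: $value"
                rc=1
                continue ;;
        esac
        if [ "$value" -gt "$limit" ]; then
            echo "FAIL $name=$value exceeds $limit; fix: sysctl -w $name=$limit"
            rc=1
        else
            echo "OK $name=$value"
        fi
    done
    return "$rc"
}
```

Call `check_frag_thresh` with no argument to audit the running host; a non-zero return means at least one threshold is still above the values recommended here.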
Revert Commit
Another sufficient mitigation is to revert the commit c2a936600f78aea00d3312ea4b66a79a4619f9b4.
CVSS Metrics
Group | Score | Vector
Base | 7.8 | AV:N/AC:L/Au:N/C:N/I:N/A:C
Temporal | 6.6 | E:U/RL:ND/RC:ND
Environmental | 6.6 | CDP:ND/TD:H/CR:ND/IR:ND/AR:ND
Acknowledgements
Thanks to Juha-Matti Tilli (Aalto University, Department of Communications and Networking / Nokia Bell Labs) for reporting this vulnerability.
This document was written by Trent Novelly.
Other Information
CVE IDs: CVE-2018-5391
Date Public: 2018-08-14
Date First Published: 2018-08-14
Date Last Updated: 2018-10-12 12:31 UTC
Document Revision: 37