
CVE-2018-5391: CERT/CC Vulnerability Note VU#641765


Overview

The IP implementation in the Linux kernel, versions 3.9+, is vulnerable to denial of service conditions with low rates of specially modified packets.

Description

CWE-400: Uncontrolled Resource Consumption (‘Resource Exhaustion’) - CVE-2018-5391

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly.

An attacker may cause a denial of service condition by sending specially crafted IP fragments.

Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.

Impact

An attacker may be able to trigger a denial-of-service condition against the system.

Solution

Apply a patch
Patches are available from OS vendors to address the vulnerability.

If you are unable to apply a patch, see the following mitigations:

Modify Default Configurations
Change the (default) values of net.ipv4/ipv6.ipfrag_high_thresh and net.ipv4/ipv6.ipfrag_low_thresh back to 256 kB and 192 kB (respectively) or below.

Example:

sysctl -w net.ipv4.ipfrag_low_thresh=196608
sysctl -w net.ipv4.ipfrag_high_thresh=262144
sysctl -w net.ipv6.ip6frag_low_thresh=196608
sysctl -w net.ipv6.ip6frag_high_thresh=262144

Update:
Further testing shows that these mitigations are not a 100% fix. A significantly strong attack will still result in a denial of service condition.
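
To confirm that a host actually runs with the reduced thresholds, the following check can be used. It is an added example, not part of the original vulnerability note; the function name and the optional root-directory argument are assumptions of this example, and the limits are the 192 kB / 256 kB values given above.

```shell
#!/bin/sh
# Added example: audit IP fragment reassembly thresholds against the values
# recommended above. The root argument is an assumption of this example so the
# check can be pointed at a copied or constructed tree instead of /proc/sys.

# key:limit pairs in bytes (192 kB = 196608, 256 kB = 262144); low thresholds
# are listed before high ones, matching the order of the sysctl example above.
LIMITS="net/ipv4/ipfrag_low_thresh:196608
net/ipv4/ipfrag_high_thresh:262144
net/ipv6/ip6frag_low_thresh:196608
net/ipv6/ip6frag_high_thresh:262144"

# audit_frag_thresholds [root]
# Prints one line per key. Returns 0 if every present key is at or below its
# limit, 1 if any key exceeds it, 2 if a value cannot be parsed.
audit_frag_thresholds() {
    root="${1:-/proc/sys}"
    rc=0
    for entry in $LIMITS; do
        key="${entry%%:*}"
        max="${entry##*:}"
        name=$(printf '%s' "$key" | tr '/' '.')
        file="$root/$key"
        if [ ! -r "$file" ]; then
            # e.g. IPv6 not enabled on this host: nothing to tune
            echo "SKIP  $name (not present)"
            continue
        fi
        val=$(tr -d ' \t\n' < "$file")
        case "$val" in
            ''|*[!0-9]*)
                echo "ERROR $name has unparsable value '$val'"
                rc=2
                continue ;;
        esac
        if [ "$val" -le "$max" ]; then
            echo "OK    $name=$val (limit $max)"
        else
            echo "HIGH  $name=$val (limit $max); fix: sysctl -w $name=$max"
            if [ "$rc" -eq 0 ]; then rc=1; fi
        fi
    done
    return "$rc"
}
```

Calling audit_frag_thresholds with no argument reads the live values under /proc/sys. A passing result only confirms the mitigation is in place; as the update above states, it does not fully prevent the denial of service.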

Revert Commit
Another sufficient mitigation is to revert the commit

c2a936600f78aea00d3312ea4b66a79a4619f9b4


CVSS Metrics

| Group | Score | Vector |
|---|---|---|
| Base | 7.8 | AV:N/AC:L/Au:N/C:N/I:N/A:C |
| Temporal | 6.6 | E:U/RL:ND/RC:ND |
| Environmental | 6.6 | CDP:ND/TD:H/CR:ND/IR:ND/AR:ND |

Acknowledgements

Thanks to Juha-Matti Tilli (Aalto University, Department of Communications and Networking / Nokia Bell Labs) for reporting this vulnerability.

This document was written by Trent Novelly.

Other Information

CVE IDs: CVE-2018-5391
Date Public: 2018-08-14
Date First Published: 2018-08-14
Date Last Updated: 2018-10-12 12:31 UTC
Document Revision: 37
