net/ipv4/tcp_input.c in the Linux kernel prior to 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote malicious users to hijack TCP sessions via a blind in-window attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google android |
||
oracle vm server 3.4 |
||
oracle vm server 3.3 |
||
linux linux kernel |
TCP exploit lets hackers get at your plaintext web traffic
A previously identified Linux flaw, which allows anyone to hijack internet traffic, also affects 80 per cent of Android devices. The original vulnerability, which was reported this spring, involves a critical exploit in TCP that lets hackers obtain unencrypted traffic and degrade encrypted traffic to spy on victims. The security flaw, which was presented by security researchers from the University of California, Riverside and the United States Army Research Laboratory, at the Usenix security con...