CVSSv3 base score: 4.8

CVE-2016-5696

Published: 06/08/2016 Updated: 17/11/2021
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 4.8 | Impact Score: 2.5 | Exploitability Score: 2.2
VMScore: 518
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Vulnerability Summary

net/ipv4/tcp_input.c in the Linux kernel prior to 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote malicious users to hijack TCP sessions via a blind in-window attack.

Vulnerable Products

google android

oracle vm server 3.4

oracle vm server 3.3

linux linux kernel

Vendor Advisories

Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 6.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili ...
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts. CVE-2016-5696: Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, and Srikanth V. Krishnamurthy of the University of California, Riverside; and Lisa M. Marvel of the United States Army Research L ...
It was found that nfsd is missing a permissions check when setting an ACL on files; this may allow local users to gain access to any file by setting a crafted ACL (CVE-2016-1237). A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to an arbitrary free address which ...
Several security issues were fixed in the kernel ...
It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use ...
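The summary above and the Ubuntu advisory text describe the defect (a single global challenge ACK counter, shared by all connections, whose value an off-path sender could observe through the kernel's behaviour) and the upstream fix in Linux 4.7. From a defender's side the two questions are whether the running kernel predates the fix and whether the interim sysctl mitigation that vendor advisories published at the time, raising net.ipv4.tcp_challenge_ack_limit so the global counter is never hit in practice, is in place. The script below is an added example and is not part of the Vulmon record, the kernel, or any vendor advisory. It assumes the sysctl path /proc/sys/net/ipv4/tcp_challenge_ack_limit (present on kernels of that era; newer kernels may lack it, which the script reports as "cannot assess"), and the threshold 1000000 it uses to call a limit "raised" is my own choice rather than a vendor number. Distribution kernels backport fixes without changing the version string, so a "predates 4.7" verdict means "check the vendor advisory for your package", not "exploitable".

```shell
#!/bin/sh
# Added example, not from the CVE record or any vendor: two defender-side checks
# for CVE-2016-5696 on a Linux host. Functions return 0 for "yes", 1 for "no"
# and 2 when the input cannot be parsed, so callers can tell the cases apart.

# Is the kernel version string older than 4.7, the first mainline release with
# the net/ipv4/tcp_input.c fix named in the CVE summary?
kernel_older_than_4_7() {
    ver=$1
    ver=${ver%%-*}                 # "4.4.0-142-generic" -> "4.4.0"
    case "$ver" in *.*) ;; *) return 2 ;; esac
    major=${ver%%.*}               # "4.4.0" -> "4"
    rest=${ver#*.}                 # "4.4.0" -> "4.0"
    minor=${rest%%.*}              # "4.0"   -> "4"
    # reject anything non-numeric instead of silently treating it as 0
    case "$major$minor" in *[!0-9]*|"") return 2 ;; esac
    if [ "$major" -lt 4 ]; then return 0; fi
    if [ "$major" -eq 4 ] && [ "$minor" -lt 7 ]; then return 0; fi
    return 1
}

# Is the configured challenge ACK limit still "small"? The interim mitigation
# was to raise net.ipv4.tcp_challenge_ack_limit to a very large value; the
# 1000000 threshold here is an assumption of this example, not a vendor figure.
challenge_ack_limit_is_low() {
    limit=$1
    case "$limit" in *[!0-9]*|"") return 2 ;; esac
    [ "$limit" -lt 1000000 ]
}

# Read the live host. Written to be safe under `set -e`: no bare call to a
# function that may return non-zero, and missing files are reported, not fatal.
report_host() {
    if [ "$(uname -s 2>/dev/null)" != "Linux" ]; then
        echo "not a Linux host; nothing to assess"
        return 0
    fi
    kver=$(uname -r)
    rc=0
    kernel_older_than_4_7 "$kver" || rc=$?
    case $rc in
        0) echo "kernel $kver: predates the 4.7 upstream fix; verify the vendor backport" ;;
        1) echo "kernel $kver: at or after 4.7 upstream" ;;
        *) echo "kernel $kver: version string not understood" ;;
    esac

    # Assumed path for the sysctl; newer kernels may not expose it at all.
    sysctl_file=/proc/sys/net/ipv4/tcp_challenge_ack_limit
    if [ -r "$sysctl_file" ]; then
        limit=$(cat "$sysctl_file")
        rc=0
        challenge_ack_limit_is_low "$limit" || rc=$?
        case $rc in
            0) echo "tcp_challenge_ack_limit=$limit: low; the raise-the-limit mitigation is not applied" ;;
            1) echo "tcp_challenge_ack_limit=$limit: raised" ;;
            *) echo "tcp_challenge_ack_limit: unreadable value '$limit'" ;;
        esac
    else
        echo "tcp_challenge_ack_limit: sysctl not present; cannot assess"
    fi
    return 0
}

report_host
```

Run it as a normal user; it only reads /proc and never changes a setting. Treat the output as a prompt to compare against the vendor advisory for the installed kernel package rather than as a final verdict, because the version check cannot see backported fixes.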

GitHub Repositories

Personal representation of my 4k github repositories stars.

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents Assembly Astro Ballerina Batchfile Bikeshed BitBake C C# C++ CSS Clojure CodeQL CoffeeScript Crystal D Dart Dhall Dockerfile Elixir Elm Emacs Lisp Erlang FreeMarker G-code Go Groovy HCL HLSL HTML Hack Handlebars Haskell Java JavaScript Jinja Jsonnet Jupyter Notebook Kotlin Lua M MDX Makefile Mar

global rate-limiting in Linux (CVE-2016-5696) scanner

grill: grill, aka global rate-limiting in Linux, is a scanner for CVE-2016-5696 (pure TCP off-path). Install: $ go get github.com/nogoegst/grill. Caveats: Don't ever use wireless links on the way to the hosts. Constant packet loss and retransmissions drastically reduce scan accuracy. Use as few NATs as possible (down to 0); they introduce d ...

Proof of Concept code for CVE-2016-5696

rover: Proof of Concept code for CVE-2016-5696. Rover is a small Python program to discover arbitrary client source ports as shown in CVE-2016-5696. Once the source port is known, the 4-tuple of information needed to confirm that two hosts are communicating can be completed. When run, rover establishes a connection with the target server, syncs its internal clock to the server chall ...

A PoC demonstrating techniques exploiting CVE-2016-5696, "Off-Path TCP Exploits: Global Rate Limit Considered Dangerous"

Hi, I'm a mountain goat and I'm going to ram your TCP connections, because that's a pretty goat thing to do.

Proof-of-concept exploit code for CVE-2016-5696

Proof-of-concept code for CVE-2016-5696. This code currently allows resetting connections or injecting into sessions. The attack is implemented against both clients and servers. For detailed information, consult the original publication: Off-Path TCP Exploits: Global Rate Limit Considered Dangerous. Requirements: You need to be able to spoof packets (no egress filtering). You' ...


Recent Articles

Four in five Android devices inherit Linux snooping flaw
The Register • John Leyden • 22 Aug 2016

TCP exploit lets hackers get at your plaintext web traffic

A previously identified Linux flaw, which allows anyone to hijack internet traffic, also affects 80 per cent of Android devices. The original vulnerability, which was reported this spring, involves a critical exploit in TCP that lets hackers obtain unencrypted traffic and degrade encrypted traffic to spy on victims. The security flaw, which was presented by security researchers from the University of California, Riverside and the United States Army Research Laboratory, at the Usenix security con...

References

CWE-200
https://github.com/torvalds/linux/commit/75ff39ccc1bd5d3c455b6822ab09e533c551f758
https://bugzilla.redhat.com/show_bug.cgi?id=1354708
http://www.openwall.com/lists/oss-security/2016/07/12/2
http://www.prnewswire.com/news-releases/mitnick-attack-reappears-at-geekpwn-macau-contest-300270779.html
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
https://github.com/Gnoxter/mountain_goat
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://source.android.com/security/bulletin/2016-10-01.html
https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_cao.pdf
http://www.ubuntu.com/usn/USN-3072-2
http://www.ubuntu.com/usn/USN-3071-1
http://rhn.redhat.com/errata/RHSA-2016-1657.html
http://www.securityfocus.com/bid/91704
http://www.securitytracker.com/id/1036625
http://www.ubuntu.com/usn/USN-3070-3
http://www.ubuntu.com/usn/USN-3070-2
http://rhn.redhat.com/errata/RHSA-2016-1633.html
http://rhn.redhat.com/errata/RHSA-2016-1631.html
http://rhn.redhat.com/errata/RHSA-2016-1632.html
http://www.ubuntu.com/usn/USN-3072-1
https://kc.mcafee.com/corporate/index?page=content&id=SB10167
http://www.ubuntu.com/usn/USN-3070-4
http://rhn.redhat.com/errata/RHSA-2016-1664.html
http://www.ubuntu.com/usn/USN-3070-1
http://rhn.redhat.com/errata/RHSA-2016-1814.html
http://rhn.redhat.com/errata/RHSA-2016-1815.html
http://www.ubuntu.com/usn/USN-3071-2
https://bto.bluecoat.com/security-advisory/sa131
http://rhn.redhat.com/errata/RHSA-2016-1939.html
https://security.paloaltonetworks.com/CVE-2016-5696
https://www.arista.com/en/support/advisories-notices/security-advisories/1461-security-advisory-23
https://access.redhat.com/errata/RHSA-2016:1939
https://nvd.nist.gov
https://usn.ubuntu.com/3071-2/
https://www.debian.org/security/./dsa-3659