[arch-security] [ASA-201608-13] linux-grsec: information disclosure
Arch Linux Security Advisory ASA-201608-13
==========================================

Severity: High
Date    : 2016-08-14
CVE-ID  : CVE-2016-5696
Package : linux-grsec
Type    : information disclosure
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package linux-grsec before version 4.7.201608131240-1 is vulnerable
to information disclosure.

Resolution
==========

Upgrade to 4.7.201608131240-1.

# pacman -Syu "linux-grsec>=4.7.201608131240-1"

The problem has been fixed upstream in version 4.7.201608131240.

Workaround
==========

The challenge ACK rate limiting can be entirely disabled by setting
net.ipv4.tcp_challenge_ack_limit to a very high value. This can be done
by creating a new file in the /etc/sysctl.d/ directory containing the
following line:

net.ipv4.tcp_challenge_ack_limit = 999999999

then issuing the following command so that the new file is taken into
account:

# sysctl --system

Please be aware that this workaround should be removed as soon as a
patched kernel has been installed, as ACK rate limiting is a useful
security feature.

Description
===========

A security issue has been found in the Linux kernel's implementation of
challenge ACKs as specified in RFC 5961. An attacker who knows a
connection's client IP, server IP and server port can abuse the
challenge ACK mechanism to determine the accuracy of a normally 'blind'
attack on the client or server.

Successful exploitation of this flaw could allow a remote attacker to
inject or control the contents of a TCP stream in a connection between
a Linux device and its connected client/server.

Impact
======

A remote attacker can detect, control and inject content into a TCP
stream.

References
==========

http://seclists.org/oss-sec/2016/q3/44
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7...
https://access.redhat.com/security/cve/CVE-2016-5696
Remi Gacogne
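
The advisory asks for the workaround to be removed once a patched kernel is installed. The script below is an added example, not part of the advisory or of any Arch Linux tooling: it finds drop-ins that override net.ipv4.tcp_challenge_ack_limit and reports whether the workaround is still needed. The function names and the --audit switch are hypothetical; the fixed version and the /etc/sysctl.d path come from the advisory.

```shell
#!/bin/sh
# Added example (not from the advisory). Function names are hypothetical.
FIXED_VERSION="4.7.201608131240-1"   # first fixed linux-grsec per ASA-201608-13

# Print "file value" for each drop-in in directory $1 that sets
# net.ipv4.tcp_challenge_ack_limit (dotted key form only; comments are skipped).
find_ack_limit_overrides() {
    dir=$1
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        sed -n 's/^[[:space:]]*net\.ipv4\.tcp_challenge_ack_limit[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*$/\1/p' "$f" |
        while read -r value; do
            printf '%s %s\n' "$f" "$value"
        done
    done
}

# $1 = yes|no (is a fixed kernel package installed?), $2 = sysctl drop-in dir.
workaround_state() {
    patched=$1
    overrides=$(find_ack_limit_overrides "$2")
    if [ -n "$overrides" ] && [ "$patched" = yes ]; then
        echo "remove-workaround"    # patched: restore ACK rate limiting
    elif [ -n "$overrides" ]; then
        echo "workaround-active"    # unpatched, limit overridden
    elif [ "$patched" = yes ]; then
        echo "ok"
    else
        echo "unmitigated"          # unpatched, no override on disk
    fi
}

# Run the audit against the live system only when asked to.
if [ "${1:-}" = "--audit" ]; then
    installed=$(pacman -Q linux-grsec 2>/dev/null | awk '{print $2}')
    if [ -n "$installed" ] && [ "$(vercmp "$installed" "$FIXED_VERSION")" -ge 0 ]; then
        patched=yes
    else
        patched=no
    fi
    find_ack_limit_overrides /etc/sysctl.d
    workaround_state "$patched" /etc/sysctl.d
fi
```

The check compares the installed package version, so a host that has upgraded but not yet rebooted still runs the old kernel; remove the drop-in and run sysctl --system only after booting the fixed one.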