{ "threat_severity" : "Important", "public_date" : "2016-07-12T00:00:00Z", "bugzilla" : { "description" : "kernel: challenge ACK counter information disclosure.", "id" : "1354708", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1354708" }, "cvss" : { "cvss_base_score" : "5.8", "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:N/I:P/A:P", "status" : "verified" }, "cvss3" : { "cvss3_base_score" : "4.8", "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "status" : "verified" }, "cwe" : "CWE-203", "details" : [ "net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.", "It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two endpoints on the network." ], "statement" : "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4 and 5.", "acknowledgement" : "Red Hat would like to thank Yue Cao (Cyber Security Group of the CS department of University of California in Riverside) for reporting this issue.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2016-08-23T00:00:00Z", "advisory" : "RHSA-2016:1664", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "kernel-0:2.6.32-642.4.2.el6" }, { "product_name" : "Red Hat Enterprise Linux 6.5 Advanced Update Support", "release_date" : "2016-09-06T00:00:00Z", "advisory" : "RHSA-2016:1814", "cpe" : "cpe:/o:redhat:rhel_aus:6.5", "package" : "kernel-0:2.6.32-431.73.2.el6" }, { "product_name" : "Red Hat Enterprise Linux 6.6 Extended Update Support", "release_date" : "2016-09-27T00:00:00Z", "advisory" : "RHSA-2016:1939", "cpe" : "cpe:/o:redhat:rhel_eus:6.6", "package" : "kernel-0:2.6.32-504.52.1.el6" }, { "product_name" : "Red Hat Enterprise Linux 6.7 Extended Update Support", "release_date" : "2016-09-06T00:00:00Z", "advisory" : "RHSA-2016:1815", "cpe" : "cpe:/o:redhat:rhel_eus:6.7", "package" : "kernel-0:2.6.32-573.34.1.el6" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2016-08-18T00:00:00Z", "advisory" : "RHSA-2016:1632", "cpe" : "cpe:/a:redhat:rhel_extras_rt:7", "package" : "kernel-rt-0:3.10.0-327.28.3.rt56.235.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2016-08-18T00:00:00Z", "advisory" : "RHSA-2016:1633", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "kernel-0:3.10.0-327.28.3.el7" }, { "product_name" : "Red Hat Enterprise Linux 7.1 Extended Update Support", "release_date" : "2016-08-23T00:00:00Z", "advisory" : "RHSA-2016:1657", "cpe" : "cpe:/o:redhat:rhel_eus:7.1", "package" : "kernel-0:3.10.0-229.40.1.ael7b" }, { "product_name" : "Red Hat Enterprise MRG 2", "release_date" : "2016-08-18T00:00:00Z", "advisory" : "RHSA-2016:1631", "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package" : "kernel-rt-1:3.10.0-327.rt56.195.el6rt" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 4", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:4" }, { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:5" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-5696\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5696\nhttp://lwn.net/Articles/696868/" ], "csaw" : true, "name" : "CVE-2016-5696" }