Batten down the ports: Linux networking bug SegmentSmack could remotely crash systems

Patches incoming for kernel versions 4.9 and up

A networking flaw has been discovered in the Linux kernel that could trigger a remote denial-of-service attack.

Versions 4.9 and up are "vulnerable to denial-of-service conditions with low rates of specially crafted packets", according to a US-CERT advisory this week. The bug is being tracked as SegmentSmack (CVE-2018-5390).

SegmentSmack – which sounds a bit like an American wrestler whose speciality is to close bouts just before an ad break – has prompted fixes for a wide variety of networking kit.

The flaw could be worse – there's no remote code execution – but it's an issue because hackers may be able to remotely tie up or crash vulnerable systems provided they are configured with an open port. Firewalls are a sufficient defence here.

Fortunately patches are already available to address the vulnerability from a long list of networking, security, storage and open-source OS vendors.

Most enterprise-grade Linux distributions do not yet use kernel 4.9 or above so aren't immediately affected.

Chris O'Brien, director of intelligence operations at EclecticIQ, said:

"If leveraged, the flaw allows a single attacker to compromise the availability of a remote server by saturating resources. Due to the wide number of vendors affected and the difficulty in patching kernels on embedded systems, EclecticIQ anticipates a large impact should a working proof-of-concept be published in the coming days."

UK cybersecurity pro Kevin Beaumont also noted that no proof-of-concept for the exploit is available at the moment. In a blog post, Beaumont agreed that most enterprise-grade Linux distros wouldn't be affected, but warned that "some may have backported the netcode to older kernels" leaving these systems vulnerable as a result. ®




Biting the hand that feeds IT © 1998–2018