Batten down the ports: Linux networking bug SegmentSmack could remotely crash systems
Patches incoming for kernel versions 4.9 and up
A networking flaw has been discovered in the Linux kernel that could trigger a remote denial-of-service attack.
Versions 4.9 and up are "vulnerable to denial-of-service conditions with low rates of specially crafted packets", according to a US-CERT advisory this week. The bug is being tracked as SegmentSmack (CVE-2018-5390).
SegmentSmack – which sounds a bit like an American wrestler whose speciality is to close bouts just before an ad break – has prompted fixes for a wide variety of networking kit.
The flaw could be worse – there's no remote code execution – but it's an issue because hackers may be able to remotely tie up or crash vulnerable systems provided they are configured with an open port. Firewalls are a sufficient defence here.
Fortunately patches are already available to address the vulnerability from a long list of networking, security, storage and open-source OS vendors.
Most enterprise-grade Linux distributions do not yet use kernel 4.9 or above so aren't immediately affected.
Chris O'Brien, director of intelligence operations at EclecticIQ, said:
"If leveraged, the flaw allows a single attacker to compromise the availability of a remote server by saturating resources. Due to the wide number of vendors affected and the difficulty in patching kernels on embedded systems, EclecticIQ anticipates a large impact should a working proof-of-concept be published in the coming days."
UK cybersecurity pro Kevin Beaumont also noted that no proof-of-concept for the exploit is available at the moment. In a blog post, Beaumont agreed that most enterprise-grade Linux distros wouldn't be affected, but warned that "some may have backported the netcode to older kernels" leaving these systems vulnerable as a result. ®