A report on this showed up on ZDNet this morning: http://www.zdnet.com/article/linux-tcp-flaw-lets-anyone-hijack-internet-traffic
Apparently, it affects Linux 3.6 and up. Hopefully, I don't have to root my Android devices to fix the problem there (we'll see how quickly Samsung rolls out the patch).

--------------------------
John L. Ries
Salford Systems
Phone: (619)543-8880 x107
or (435)867-8885
--------------------------

On Fri, 12 Aug 2016, rhkra...@gmail.com wrote:

> Oops, my apologies, I did have a senior moment (but not the one I alluded to
> earlier)--the reference I found to runtime was in the man page for sysctl, not
> the README.
>
> On Friday, August 12, 2016 10:54:52 AM Greg Wooledge wrote:
> > I did some web surfing when this thread was posted, to try to track
> > down *which kernel versions* are affected by this TCP security flaw.
> > I haven't seen this information posted yet.
> >
> > http://www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf says:
> > "The feature is outlined in RFC 5961, which is implemented faithfully
> > in Linux kernel version 3.6 from late 2012."
> >
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5696 says:
> > "net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly
> > determine the rate of challenge ACK segments, which makes it easier
> > for man-in-the-middle attackers to hijack TCP sessions via a blind
> > in-window attack."
> >
> > So the flaw appears to be in Linux kernels from 3.6 to 4.6 inclusive,
> > which includes Jessie (3.16) but not Wheezy (3.2) or earlier.
> > The jessie-backports kernel right now is 4.6, but only for a brief
> > time. The last plan I saw was for Stretch to ship with 4.10, which
> > should include the fix for this flaw.
> >
> > Now on to the thread:
> >
> > On Fri, Aug 12, 2016 at 10:42:36AM -0400, rhkra...@gmail.com wrote:
> > > In the README for sysctl on my wheezy system, it says "configure kernel
> > > parameters at runtime".
> >
> > Not on mine.
> >
> > greg@remote:~$ grep run /etc/sysctl.d/README.sysctl
> > greg@remote:~$
> >
> > > I may be having a senior moment, but, atm, I'm not completely sure what
> > > runtime means
> >
> > "At boot time", I would think. But I don't know where your file actually
> > came from, so my guesses about the author's intent might be somewhat off.
> >
> > README.sysctl is short enough to post in its entirety here, so this is
> > what mine says on a wheezy system:
> >
> > ======================================================================
> > Kernel system variables configuration files
> >
> > Files found under the /etc/sysctl.d directory that end with .conf are
> > parsed within sysctl(8) at boot time. If you want to set kernel variables
> > you can either edit /etc/sysctl.conf or make a new file.
> >
> > The filename isn't important, but don't make it a package name as it may
> > clash with something the package builder needs later. It must end with
> > .conf though.
> >
> > My personal preference would be for local system settings to go into
> > /etc/sysctl.d/local.conf but as long as you follow the rules for the names
> > of the file, anything will work. See sysctl.conf(8) man page for details
> > of the format.
> > ======================================================================
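Greg's conclusion above (affected kernels are 3.6 through 4.6 inclusive) can be turned into a quick version check. The following is an added example, not code from the thread or from Debian: it parses a Debian-style kernel release string on its major.minor components only and reports whether that falls in the quoted range. The sample release strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify a kernel release string
# against the range Greg quoted for CVE-2016-5696 (3.6 <= major.minor <= 4.6).
# Only major.minor is compared; the patch level and any Debian ABI suffix
# (e.g. "-4-amd64", "-1~bpo8+1") are ignored.

# kernel_affected RELEASE
#   returns 0 if RELEASE is in 3.6..4.6 inclusive,
#           1 if it is outside that range,
#           2 if RELEASE does not start with <digits>.<digits>
kernel_affected() {
    rel=$1
    case "$rel" in
        *.*) ;;                      # must contain at least one dot
        *)   return 2 ;;
    esac
    major=${rel%%.*}                 # text before the first dot
    rest=${rel#*.}                   # text after the first dot
    minor=${rest%%[!0-9]*}           # leading digits of the remainder
    case "$major" in
        ''|*[!0-9]*) return 2 ;;     # major must be all digits
    esac
    [ -n "$minor" ] || return 2      # minor must be present
    # (3, >=6) or (4, <=6) is inside the range
    if [ "$major" -eq 3 ] && [ "$minor" -ge 6 ]; then return 0; fi
    if [ "$major" -eq 4 ] && [ "$minor" -le 6 ]; then return 0; fi
    return 1
}

# verdict RELEASE: print a one-line human-readable result
verdict() {
    kernel_affected "$1"
    case $? in
        0) echo "$1: in the affected range (3.6..4.6)" ;;
        1) echo "$1: outside the affected range" ;;
        *) echo "$1: not a recognisable kernel release string" ;;
    esac
}

# Constructed sample release strings, not output from a real host
for v in 3.2.0-4-amd64 3.16.0-4-amd64 4.6.4-1~bpo8+1 4.7.0-1-amd64 4.10.0; do
    verdict "$v"
done
# To check the running kernel instead:
# verdict "$(uname -r)"
```

Run `verdict "$(uname -r)"` on a host to classify the running kernel. Because the check compares only major.minor, a distribution kernel that backported the fix while keeping an older version line (as Debian routinely does for security updates) will still be reported as in range; the package changelog, not the version number, is what settles that.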