CVE-2016-5696
kernel: challenge ACK counter information disclosure.
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.
net/ipv4/tcp_input.c en el kernel de Linux en versiones anteriores a 4.7 no determina adecuadamente la tasa de segmentos de desafío ACK, lo que facilita a atacantes remotos secuestrar sesiones TCP a través de un ataque ciego en ventana.
It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two endpoints on the network.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-06-16 CVE Reserved
- 2016-08-06 CVE Published
- 2023-07-10 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-203: Observable Discrepancy
CAPEC
References (33)
| URL | Tag | Source |
|---|---|---|
| http://source.android.com/security/bulletin/2016-10-01.html | Third Party Advisory | |
| http://www.openwall.com/lists/oss-security/2016/07/12/2 | Mailing List |
|
| http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | Third Party Advisory |
|
| http://www.prnewswire.com/news-releases/mitnick-attack-reappears-at-geekpwn-macau-contest-300270779.html | Technical Description | |
| http://www.securityfocus.com/bid/91704 | Vdb Entry | |
| http://www.securitytracker.com/id/1036625 | Vdb Entry | |
| https://bto.bluecoat.com/security-advisory/sa131 | X_refsource_confirm | |
| https://kc.mcafee.com/corporate/index?page=content&id=SB10167 | X_refsource_confirm | |
| https://security.paloaltonetworks.com/CVE-2016-5696 | X_refsource_confirm | |
| https://www.arista.com/en/support/advisories-notices/security-advisories/1461-security-advisory-23 | X_refsource_misc | |
| https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_cao.pdf | Technical Description |
| URL | Date | SRC |
|---|---|---|
| https://github.com/Gnoxter/mountain_goat | 2024-08-06 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | <= 7.0 Search vendor "Google" for product "Android" and version " <= 7.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Vm Server Search vendor "Oracle" for product "Vm Server" | 3.3 Search vendor "Oracle" for product "Vm Server" and version "3.3" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Vm Server Search vendor "Oracle" for product "Vm Server" | 3.4 Search vendor "Oracle" for product "Vm Server" and version "3.4" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 4.6.6 Search vendor "Linux" for product "Linux Kernel" and version " <= 4.6.6" | - |
Affected
| ||||||