Threatpost reported that a Transmission Control Protocol (TCP) flaw has resided in the Linux implementation since 2012, or since v3.6 of the kernel. The flaw affects all internet users and puts them at risk — not just the ones directly on Linux systems.

At least that’s what security experts are saying. Researchers from the University of California, Riverside and the U.S. Army Research Laboratory delivered a paper at the USENIX Security Symposium, “Off-Path TCP Exploits: Global Rate Limit Considered Dangerous,” that outlined the problem and suggested some mitigation strategies.

A Subtle TCP Flaw

UCR said in a press statement that it had discovered a subtle flaw in the Linux software in the form of side channels. Attackers can exploit the flaw to infer the TCP sequence numbers associated with a particular connection. The only information cybercriminals need to carry out this type of attack is the IP address of the communicating parties.

Encrypted connections, the researchers said, are immune to data injection. However, those encrypted connections can still be forcefully terminated by the attacker. According to UCR, the attack can be executed in less than a minute and has a 90 percent success rate.

No user action is necessary to carry out this attack. In fact, users could become victims without doing anything wrong from a security standpoint, such as inadvertently downloading malware or clicking on a link in a phishing email.

The researchers created a short video showing how the attacks works.

A Simple Remedy

The researchers alerted Linux about the vulnerability. There are now patches that can be applied to the latest Linux version.

Until those Linux patches are applied across the board, however, one UCR researcher recommended a temporary patch that can be applied to both client and server hosts. The patch simply raises the challenge ACK limit to a very large value, which makes it “practically impossible” to exploit the side channel, the press statement noted.

Performing the change to that parameter can be as simple as adding one line to the sysctl.conf file and then updating. It’s rare that such a major vulnerability can be so simply remedied — and as such leaves no room for excuses when it comes to patching.

More from

Beyond Requirements: Tapping the Business Potential of Data Governance and Security

3 min read - Doom and gloom. Fear, uncertainty and doubt. The "stick" versus the "carrot". What do these concepts have in common? They have often provided the primary motivation for organizations’ data governance and security strategies. For the enterprise, this mindset has perpetuated the idea that data governance, data security and data privacy are reactive cost centers existing due to externally imposed requirements or mandates.Yet, what if data governance and security practices could upend the prevailing paradigm and demonstrate direct business value?[button link=""…

3 min read

Protecting Against Remote Monitoring and Management Phishing

3 min read - You use remote monitoring and management (RMM) software to closely monitor your cyber environment and keep your organization safe. But now cyber criminals are specifically targeting these tools, causing legitimate software to become a vulnerability. This is the latest type of attack in an increase in a recent trend of disruptive software supply chain attacks. The Cybersecurity and Infrastructure Security Agency (CISA) recently released an alert about the malicious use of legitimate remote monitoring and management (RMM) software. Last fall,…

3 min read

Secure-by-Design: Which Comes First, Code or Security?

4 min read - For years, developers and IT security teams have been at loggerheads. While developers feel security slows progress, security teams assert that developers sacrifice security priorities in their quest to accelerate production. This disconnect results in flawed software that is vulnerable to attack. While advocates for speed and security clash, consumers must often pay the price when threat actors strike. 48% of developers admitted they were still shipping code with vulnerabilities in 2022. It’s clearly time for a change. Many believe…

4 min read

ITG10 Likely Targeting South Korean Entities of Interest to the Democratic People’s Republic of Korea (DPRK)

7 min read - In late April 2023, IBM Security X-Force uncovered documents that are most likely part of a phishing campaign mimicking credible senders, orchestrated by a group X-Force refers to as ITG10, and aimed at delivering RokRAT malware, similar to what has been observed by others. ITG10's tactics, techniques and procedures (TTPs) overlap with APT37 and ScarCruft. The initial delivery method is conducted via a LNK file, which drops two Windows shortcut files containing obfuscated PowerShell scripts in charge of downloading a…

7 min read