Linux Flaw Allows Attackers to Hijack Web Connections

69

Researchers discovered that a Transmission Control Protocol (TCP) specification implemented in Linux creates a vulnerability that can be exploited to terminate connections and conduct data injection attacks.

The flaw, tracked as CVE-2016-5696, is related to a feature described in RFC 5961, which should make it more difficult to launch off-path TCP spoofing attacks. The specification was formulated in 2010, but it has not been fully implemented in Windows, Mac OS X, and FreeBSD-based operating systems. However, the feature has been implemented in the Linux kernel since version 3.6, released in 2012.

Read more at Security Week