Major Linux TCP Stack Vulnerability Discovered



  • A new vulnerability in the Linux networking stack has come to light, one that is pretty widespread and to which users are highly vulnerable. The flaw was introduced in 2012 in the Linux 3.6 kernel and is now very common in nearly all Linux distributions, including Android. ZDNet looks at how the flaw works and what you can do about it and what is being done to patch it. The flaw stems from a new TCP security mechanism, ironically, and does not impact BSD, Mac OSX or most Windows systems as they had not yet implemented the new security mechanism.



  • On the Ubuntu Linux family, for instance, you can fix it with the following steps:

    • Open /etc/sysctl.conf, with an editor, such as vim.
    • Enter the line: net.ipv4.tcp_challenge_ack_limit = 999999999
    • Save the file.
    • Use the shell command "sysctl -p" to update the configuration.