Bugs in Linux open doors for Hijacking Attack
Linux system vulnerability, Vulnerability on Linux, security of Linux, pure off path TCP attack, RFC5961 Vulnerability, security of SSL
Even if the connection between two parties is encrypted, an attacker can remotely close it; if it is not encrypted, the attacker can also inject malicious content into the connection.
The vulnerability resides in the design and implementation of RFC 5961, a relatively new Internet standard that is intended to prevent certain classes of hijacking attacks. In practice, the protocol is designed in a way that can easily expose Internet users to so-called blind off-path attacks, in which attackers anywhere on the Internet can detect when any two parties are communicating over an active TCP connection. Attackers can go on to exploit the flaw to shut down the connection, inject malicious code or content into unencrypted data streams, and possibly degrade the privacy guarantees provided by the Tor anonymity network.
Researchers from the University of California and US Army Research will demonstrate the vulnerability, together with a proof-of-concept exploit, at the 25th USENIX Security Symposium.
Here is a video demonstration of the bug, in which the researchers show live exploitation against the USA Today media site.
It is clear that the USA Today site is vulnerable, and many more top sites suffer from this bug.
The bug resides in the design and implementation of RFC 5961. The problematic standard has not yet been fully implemented in Windows or Mac OS X, so those operating systems are not believed to be vulnerable. By contrast, the Linux kernel, starting with version 3.6 released in 2012, has a largely complete implementation of the standard. Linux kernel maintainers released a fix in version 4.7 almost three weeks ago, but the patch has not yet been applied to most mainstream distributions. For the attack to work, only one of the two targeted parties has to be vulnerable, meaning many of the world's top websites and other services running on Linux remain susceptible.
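A triage helper for defenders, added here as an example (not code from the article or the researchers): it classifies a kernel version string against the window the article gives (RFC 5961 code from 3.6, fix in 4.7) and reads the `net.ipv4.tcp_challenge_ack_limit` sysctl that the 4.7 fix changed the handling of. The sysctl name is real; the threshold used to call a raised limit "mitigated" is my assumption, and distributions that backported the fix keep an older version number, so treat the result as a hint for follow-up, not a verdict.

```shell
#!/bin/sh
# Classify a kernel version against the RFC 5961 window described above:
# implementation arrived in 3.6, fix landed in 4.7. Backports are invisible
# to this check, so "affected" means "verify with your distribution's errata".
rfc5961_kernel_status() {
    v=$1
    major=${v%%.*}
    major=${major%%[!0-9]*}          # drop anything after the digits
    case $v in
        *.*) rest=${v#*.} ;;
        *)   rest="" ;;
    esac
    minor=${rest%%[!0-9]*}           # "6.4-1-ARCH" -> "6"
    major=${major:-0}; minor=${minor:-0}
    if [ "$major" -lt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -lt 6 ]; }; then
        echo not-implemented
    elif [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -ge 7 ]; }; then
        echo fixed
    else
        echo affected
    fi
}

# Judge the challenge ACK rate limit. Kernels before the 4.7 fix use a fixed,
# low default; raising it well above that was the widely published interim
# mitigation. The 1000000 threshold is an assumption made for this example.
challenge_ack_limit_status() {
    limit=$1
    if [ "$limit" -ge 1000000 ] 2>/dev/null; then
        echo raised
    else
        echo default-or-low
    fi
}

kernel=$(uname -r)
echo "kernel $kernel: $(rfc5961_kernel_status "$kernel")"
limit=$(sysctl -n net.ipv4.tcp_challenge_ack_limit 2>/dev/null || echo "")
if [ -n "$limit" ]; then
    echo "tcp_challenge_ack_limit=$limit: $(challenge_ack_limit_status "$limit")"
else
    echo "tcp_challenge_ack_limit: sysctl not readable on this host"
fi
```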