WiredTree Warns Linux Server Administrators To Update In Wake Of Critical Off-Path Kernel Vulnerability

WiredTree, a leading provider of managed server hosting, has warned Linux server administrators to update their servers in response to Ars Technica's recent discovery of a serious off-path vulnerability in the Linux kernel’s handling of TCP connections.

WiredTree, a leading provider of managed server hosting, has warned Linux server administrators to update their servers in response to the discovery of a serious off-path vulnerability in the Linux kernel’s handling of TCP connections.

The vulnerability (reported in Ars Technica on 10 August 2016) could be used to inject content into connections between two machines communicating over TCP, which includes most Internet-connected machines. Unlike many such attacks, the vulnerability (CVE-2016-5696) does not require a man-in-the-middle attack — any machine connected to the internet is capable of discovering and interfering with TCP connections.

Kernel developers have since released patches that fix the vulnerability, and many Linux distribution maintainers, including those of the popular CentOS distribution, have integrated those patches into security updates. Server administrators should update their servers’ operating systems as soon as possible.

“This vulnerability is a critical flaw in the mechanism that is almost universally used for communication on the internet — including between web servers and browsers. It allows an attacker to introduce arbitrary data, including code, into the connection,” says Zac Cogswell, President of WiredTree. “Patches have been released and applied to our managed hosting servers, but WiredTree wants to make sure that as many server administrators as possible are made aware of the risks and perform the necessary updates.”

There are some limitations to the effectiveness of the attack. It takes time for an attacker to inject content into TCP connections, and short-lived TCP connections are at substantially less risk. However, many modern websites keep TCP connections alive so that pages can be updated. Web applications in particular tend to use long-lived TCP connections, putting users of those applications at risk for as long as servers remain unpatched. Connections protected by SSL aren’t at risk of having content injected, but the vulnerability can be used to break such connections.

A typical practical application of this vulnerability would be to inject JavaScript onto the page of a website, allowing for a cross-site scripting attack. Once an attacker is able to inject arbitrary code into webpages, they may be able to exfiltrate authentication credentials and take control of the site.

WiredTree strongly urges system administrators to update their servers at the earliest possible convenience to mitigate this serious vulnerability.

###

About WiredTree

WiredTree specializes in delivering a managed hosting experience that places the client in complete command, covering virtual, hybrid, and dedicated web hosting. As champions of customer care, it's no wonder that more than 5,000 clients enjoy WiredTree's free hardware level-ups and a <15 minute average ticket response time. All of this is built on top of only the highest-performing technologies, including LiteSpeed web server, MariaDB, memcached, SSD-driven hardware, and an in-house management system called Grove. To learn more about what WiredTree can do for your site, visit http://www.wiredtree.com.

Contact Author

Zac Cogswell
WiredTree
+1 866-523-8733