ServerMania Urges Server Administrators To Update Against Off-Path Vulnerability

Share Article

ServerMania, a leading provider of managed cloud and dedicated server hosting, has advised server administrators to take immediate action to mitigate the risks of a recently discovered off-path vulnerability in the Linux kernel (CVE-2016-5696).

News Image
We’re concerned that many server administrators haven’t been made aware of the vulnerability or have neglected to apply the patch. We want to raise awareness of the potential risks to users and businesses.

ServerMania, a leading provider of managed cloud and dedicated server hosting, has advised server administrators to take immediate action to mitigate the risks of a recently discovered off-path vulnerability in the Linux kernel (CVE-2016-5696).

The vulnerability, which can be used by an attacker to terminate SSL-protected connections and inject data into non-encrypted connections, is the result of a flaw in the kernel’s handling of TCP connections. The vulnerability was introduced with the release of Linux 3.6, although it may be present in earlier versions as the code was backported by some distributions. Major distributions have released patches that mitigate the off-path vulnerability.

“As a provider of managed server hosting, we have proactively applied the necessary patches to protect our clients from the off-path vulnerability,” explained ServerMania CEO, Kevin Blanchard, “However, we’re concerned that many server administrators haven’t been made aware of the vulnerability or have neglected to apply the patch. We want to raise awareness of the potential risks to users and businesses of servers that remain vulnerable to CVE-2016-5696.“

This vulnerability is particularly pernicious because it can be leveraged without a privileged position between server and client, as is the case with a man-in-the-middle attack. Any sufficiently capable attacker who is able to determine the IP addresses of communicating machines can leverage the vulnerability to inject content or break the connection.

The vulnerability can be used as part of many attack types, but the most common is likely to involve cross-site scripting. An attacker may be able to leverage the vulnerability to inject JavaScript code into a web page, in which case it is trivially easy to exfiltrate sensitive information, including authentication credentials.

Given the seriousness of the vulnerability, ServerMania urges server administrators to apply the relevant patches and updates to their servers as soon as possible.

###

About ServerMania:

Since it was founded in 2002, ServerMania has always strived to provide its clients with enterprise-level service at an unbeatable cost. ServerMania offers a wide range of fully customizable dedicated, hybrid, cloud, VPS and colocation hosting services. All ServerMania clients enjoy a 100% uptime SLA and are assisted by a 24/7 rapid response team — one with some of the best response times in the industry. ServerMania also carries out regular surveys to ensure complete customer satisfaction and care. For more information, visit http://www.servermania.com.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Justin Blanchard
ServerMania
+1 716.745.4678
Email >
@servermaniainc
since: 11/2012
Follow >
Visit website