Linux kernel vulnerability endangers web servers and Android devices

Linux web servers and millions of Android devices are at risk from a Linux kernel vulnerability in the pseudo-random number generator (PRNG). The flaw allows cross-layer attacks because the UDP, IPv6 and IPv4 generation algorithms on some Linux systems use a vulnerable PRNG.

As the author of the study, information security expert Amit Klein, explained, an attacker can determine the internal state of the PRNG at one OSI layer and use this data to predict a random numerical value at another OSI layer. This allows an attacker to perform a DNS cache poisoning attack on Linux systems both locally and remotely. The condition is that the DNS server must be outside the network.

DNS spoofing can be used for various malicious actions, for example, intercepting email and HTTP traffic, bypassing anti-spam mechanisms and email blacklists, conducting a local DoS attack, tracking an NTP client, etc.

What’s more, the issue Klein discovered also allows Linux and Android devices to be tracked even when the browser is in private mode or a VPN is in use.

According to the specialist, servers running Ubuntu are the most vulnerable to these attacks: about 13.4% of web servers run on Ubuntu, and 3-5% of servers use Ubuntu and a public DNS service, satisfying the conditions for a potential attack. However, this figure could be higher, Klein said, because servers using external private DNS servers (for example, managed by internet rights) are also at risk.

The expert notified the Linux development team about the vulnerability in March this year. The issue was fixed with the release of a patch that implemented a more reliable PRNG using SipHash. In Android, the problem was fixed in October; an alternative method of defense against this attack is to use a proxy or Tor. DNS-over-HTTPS also blocks DNS spoofing, but does not protect against snooping.
