Main Vulnerability Database Exploits ID:2267 - Exploit for Man-in-the-middle attack in Linux kernel - CVE-2016-5696

ID:2267 - Exploit for Man-in-the-middle attack in Linux kernel - CVE-2016-5696

Published: April 7, 2020

Vulnerability identifier: #VU357

Vulnerability risk: Low

CVE-ID: CVE-2016-5696

CWE-ID: CWE-300

Exploitation vector: Remote access

Vulnerable software:
Linux kernel

Link to public exploit:

https://github.com/jduck/challack

Vulnerability description

The vulnerability allows a remote attacker to write arbitrary files and cause DoS condition on the target system.

The weakness exists due to an error in net/ipv4/tcp_input.c while determining the rate of challenge ACK segments. A remote attacker can perform man-in-the-middle attack and hijack TCP sessions via a blind in-window attack.

Remediation

Update to version 4.7.

ID:2267 - Exploit for Man-in-the-middle attack in Linux kernel - CVE-2016-5696

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human