Windows 10 News and info | Forum
Topic: Windows Systems Vulnerable to FragmentSmack, 90s-Like DoS Bug
« on: September 15, 2018, 09:16:12 PM »

Microsoft released a security advisory about a denial-of-service vulnerability that could render multiple versions of Windows completely unresponsive and has no mitigation factors, the company says.

The vulnerability affects all versions of Windows 7 through 10 (including 8.1 RT), Server 2008, 2012, 2016, and Core Installations.

Tagged with the identification number CVE-2018-5391, the bug received the moniker FragmentSmack because it responds to IP fragmentation, a process that adjusts the packet size to fit the maximum transmission unit (MTU) at the receiving end.

IP fragmentation attacks are a known form of denial of service, where the victim computer receives multiple IP packets of a smaller size that are expected to be reassembled into their original form at the destination.

FragmentSmack is a TCP fragmentation type of attack, also known as a Teardrop attack, that prevents reassembling the packets on the recipient end. The vulnerability is as old as Windows 3.1 and 95, where it crashed the OS, but it was seen in the more recent Windows 7, too.

"An attacker could send many 8-byte sized IP fragments with random starting offsets, but withhold the last fragment and exploit the worst-case complexity of linked lists in reassembling IP fragments," reads Microsoft's advisory on the bug.

The effect is that the CPU of the machine reaches the maximum utilization level and renders the operating system unresponsive. As soon as the packet salvo ceases, the CPU returns to normal usage and the system recovers.

Microsoft recommends disabling packet reassembly

If the environment does not allow applying the security updates immediately, Microsoft recommends using the commands below to disable packet reassembly as a workaround for the FragmentSmack denial-of-service bug:

Netsh int ipv4 set global reassemblylimit=0
Netsh int ipv6 set global reassemblylimit=0

They will drop any packets that are out of order, increasing the potential of losses. To avoid any problems, there should not be more than 50 out-of-order packets.

Some security products from CheckPoint are also affected by FragmentSmack, and the company suggests disabling fragments as an immediate workaround.

Linux went through this, too, and got over it

FragmentSmack was discovered first on Linux, along with another DoS vulnerability dubbed SegmentSmack (CVE-2018-5390), where it affected devices running on kernel version 3.9 and above. It has been patched in the major distributions.

Credited for the original discovery of FragmentSmack and for SegmentSmack is Juha-Matti Tilli, a researcher with Nokia Labs and the Department of Communications and Networking at the Aalto University in Finland.
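
Added example (not part of the original post or of Microsoft's advisory): a Python sketch of detection logic for the traffic pattern quoted from the advisory, many 8-byte fragments at scattered offsets with the last fragment withheld, run over constructed fragment records. The record layout, the function name and the thresholds are assumptions chosen for this illustration.

```python
from collections import defaultdict

def flag_incomplete_fragment_floods(records, min_fragments=50, max_payload=8, small_ratio=0.9):
    """Group fragments by reassembly key and flag queues that hold many tiny
    fragments but never received a final fragment (More Fragments flag clear).
    Thresholds are illustrative assumptions, not values from the advisory."""
    queues = defaultdict(list)
    for src, dst, ip_id, proto, offset, length, more_fragments in records:
        # IPv4 reassembly key: source, destination, identification, protocol.
        queues[(src, dst, ip_id, proto)].append((offset, length, more_fragments))

    flagged = {}
    for key, frags in queues.items():
        has_last = any(not mf for _, _, mf in frags)
        small = sum(1 for _, length, _ in frags if length <= max_payload)
        # Arrivals whose offset is lower than the previous one: out-of-order inserts.
        out_of_order = sum(1 for a, b in zip(frags, frags[1:]) if b[0] < a[0])
        if not has_last and len(frags) >= min_fragments and small >= small_ratio * len(frags):
            flagged[key] = {"fragments": len(frags), "out_of_order": out_of_order}
    return flagged

# Constructed sample input (documentation address ranges, invented IDs).
# Record: (src, dst, ip_id, protocol, fragment_offset_bytes, payload_len, more_fragments)
SAMPLE = []
# 1) Ordinary fragmented datagram: three large fragments, the last has MF clear.
SAMPLE += [("198.51.100.5", "192.0.2.10", 100, 17, off, size, mf)
           for off, size, mf in [(0, 1480, True), (1480, 1480, True), (2960, 1040, False)]]
# 2) Ordinary datagram whose final fragment was lost: incomplete, but only two fragments.
SAMPLE += [("198.51.100.6", "192.0.2.10", 101, 17, off, 1480, True) for off in (0, 1480)]
# 3) The advisory's pattern: 200 fragments of 8 bytes, scrambled offsets, no final fragment.
SAMPLE += [("203.0.113.7", "192.0.2.10", 4242, 17, (i * 37 % 200) * 8, 8, True)
           for i in range(200)]

if __name__ == "__main__":
    for key, stats in flag_incomplete_fragment_floods(SAMPLE).items():
        print(key, stats)
```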

