CVEs with nessus.description==From Red Hat Security Advisory 2016:1633 :

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two endpoints on the network. (CVE-2016-5696, Important)

Red Hat would like to thank Yue Cao from Cyber Security Group in the CS department of University of California, Riverside, for reporting this issue
| Max CVSS | 0 |
| Min CVSS | 0 |
| Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |