—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Linux Kernel IP Fragment Reassembly Denial of Service Vulnerability Affecting Cisco Products: August 2018

Advisory ID: cisco-sa-20180824-linux-ip-fragment

Revision: 1.0

For Public Release: 2018 August 24 21:30 GMT

Last Updated: 2018 August 24 21:30 GMT

CVE ID(s): CVE-2018-5391

+———————————————————————

Summary

=======

On August 14, 2018, the Vulnerability Coordination team of the National Cyber Security Centre of Finland (NCSC-FI) and the CERT Coordination Center (CERT/CC) disclosed a vulnerability in the IP stack that is used by the Linux Kernel. This vulnerability is publicly known as FragmentSmack.

The vulnerability could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. An attack could be executed by an attacker who can submit a stream of fragmented IPv4 or IPv6 packets that are designed to trigger the issue on an affected device.

The vulnerability is due to inefficient IPv4 and IPv6 fragment reassembly algorithms in the IP stack that is used by the affected kernel. Linux Kernel Versions 3.9 and later are known to be affected by this vulnerability.

This advisory will be updated as additional information becomes available.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-ip-fragment [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-ip-fragment”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJbgHzDXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczei4P/R4MzEMyas29CWwXb2XGxrgsuI7z
CD8YFIMJxdzGMTasnfuYVP8GQEnZyKJvOim5YbmMXdg0/htqWJll4LXtjiedRXiu
0WsqF2Jc3PvUvRsS8wZ56SLaco7kpDXlsD2YbYPoI5+BhI6uWfu33X9nNkTdWueX
VPqf1+BpAXWWN6fOBPd/qFzg87/od5iiViYTaTaGr2X7G3E3Z3RSq9L791425Big
xhQESQcmL1l1mg0akv0zsc+rQ129OiyQsX3zYIg/hug0u9x4EVHj1LNvcWDf1qRc
DjKYkvehtK4+zYyEXZ0l/h0UqXObscpQ0H+44aqISSVM1lei0Cgne/7ikECWPANl
ivtJ7efjMtDN+PrIyiZ/E5jkp97EeVkJP9z+ql+aUyY3xn/QVuBg7405LtMIaZ7A
MwFHlWK67pgFAo5gSWfStGsED3Gdb20rcY55e67df9rOgMj3n71EjhCDRolPdQjU
GF5u7LrSF26GHpDP4jQ/dXQvofZKudUcXXZAYfMjc5+sSUoxU3UDBc+Z2bZUYjj7
8WERYvk2dxHXy4HZRjYFjc64nGoeFycuQcsz+m0o+cXM6aMpDiMvh8LM1VjE6RXE
UL4QwAFuDRDFMtOFXt7agE6VKEl6gbf5OkHgQePnzz8icPtoQSq+kTJ3Gz1S0kHj
8wCEuT7JNqQ4Fgli
=1OWo
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com