|
|
Пишет LWN.net (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_lwnheadline)@ 2016-08-10 21:14:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
[$] The TCP "challenge ACK" side channel
Side-channel attacks against various kinds of protocols (typically
networking or cryptographic) are both dangerous and often hard for
developers and reviewers to spot.
They are generally passive attacks, which makes them hard to detect as well. A
recent paper
[PDF] describes in detail one such attack against the kernel's TCP
networking
stack; the bug (CVE-2016-5696)
has existed since Linux 3.6, which was released in 2012.
Ironically, the bug was introduced because Linux has implemented
a countermeasure against another type of attack.
Side-channel attacks against various kinds of protocols (typically
networking or cryptographic) are both dangerous and often hard for
developers and reviewers to spot.
They are generally passive attacks, which makes them hard to detect as well. A
recent paper
[PDF] describes in detail one such attack against the kernel's TCP
networking
stack; the bug (CVE-2016-5696)
has existed since Linux 3.6, which was released in 2012.
Ironically, the bug was introduced because Linux has implemented
a countermeasure against another type of attack.
