A new vulnerability has been found in the Linux operating system that allows attackers to hijack VPN connections and then inject random data payloads into IPv4 and IPv6 TCP streams. The flaw was named “CVE-2019-14899” and was disclosed to the affected companies, which include Linux Kernel security, Google, Apple, Systemd, WireGuard, and OpenVPN.
This flaw mainly impacts Linux-based operating systems, but attackers can use the vulnerability to attack other users. Here is a partial list of such operating systems:
- Ubuntu 19.10 (systemd)
- Fedora (systemd)
- Debian 10.2 (systemd)
- Arch 2019.05 (systemd)
- Manjaro 18.1.1 (systemd)
- Devuan (sysV init)
- MX Linux 19 (Mepis+antiX)
- Void Linux (runit)
- Slackware 14.2 (rc.d)
- Deepin (rc.d)
- FreeBSD (rc.d)
- OpenBSD (rc.d)
How do attackers use this flaw?
This security flaw allows a network-adjacent attacker to learn whether another user is connected to the same VPN server. The attacker can also find out whether the user is connected to a given website, and can determine the exact sequence and acknowledgment numbers. The attacker then examines the packets sent back, which leads to injecting data and eventually hijacking the connection.
Researchers found that the VPN technology has no protection against such an attack even when the responses they receive are encrypted, because the attacker can examine the data packets to find their type. Most Linux distros are among the most vulnerable to this attack. Amazon has stated that they are the only ones who aren’t affected by this vulnerability.
How to stay safe from this attack?
There is a very simple solution for this: turn reverse path filtering on, use bogon filtering (filtering of bogus IP addresses), or encrypt packet size and timing. We suggest that you change this setting as quickly as possible; otherwise, you will remain exposed to a serious vulnerability.
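
One way to check the reverse path filtering setting on a Linux host, as an added example that is not from the original article or any vendor. It assumes "on" means the kernel's strict mode (`rp_filter=1`); the helper name `audit_rp_filter` and its optional directory argument are hypothetical.

```shell
#!/bin/sh
# Added example: audit IPv4 reverse path filtering (rp_filter) per interface.
# Kernel semantics: 0 = off, 1 = strict, 2 = loose. The value applied to an
# interface is max(conf/all/rp_filter, conf/<iface>/rp_filter).

rp_mode_name() {
    case "$1" in
        0) echo off ;;
        1) echo strict ;;
        2) echo loose ;;
        *) echo unknown ;;
    esac
}

# audit_rp_filter [conf_root]   (hypothetical helper, not a system tool)
# Prints "<iface> <effective value> <mode>" for every interface and returns
# 0 if all are strict, 1 if any is off or loose, 2 if the tree is unreadable.
# conf_root defaults to the live kernel tree; pass another directory to audit
# a copied or constructed tree offline.
audit_rp_filter() {
    _root="${1:-/proc/sys/net/ipv4/conf}"
    _all=$(cat "$_root/all/rp_filter" 2>/dev/null) || {
        echo "cannot read $_root/all/rp_filter" >&2
        return 2
    }
    _rc=0
    for _dir in "$_root"/*/; do
        _if=$(basename "$_dir")
        # "all" is folded into every result; "default" only seeds new interfaces
        case "$_if" in all|default) continue ;; esac
        _eff=$(cat "$_dir/rp_filter" 2>/dev/null) || continue
        if [ "$_all" -gt "$_eff" ]; then _eff=$_all; fi
        echo "$_if $_eff $(rp_mode_name "$_eff")"
        [ "$_eff" -eq 1 ] || _rc=1
    done
    return "$_rc"
}
```

Because the kernel takes the maximum of the `all` and per-interface values, setting `net.ipv4.conf.all.rp_filter=1` does not tighten an interface already set to 2, so that interface's own key has to be changed as well. These keys cover IPv4 only.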