<img alt="" src="https://secure.leadforensics.com/89462.png" style="display:none;">

Nexusguard Blog

Cybersecurity best practices and DDoS defence strategies

Latest Stories

Nexusguard Research Nexusguard Research
Aug 01, 2019

The Challenge of Data Sovereignty When Moving Cybersecurity to the Cloud

Nexusguard Research Nexusguard Research
Jul 26, 2019

Nepal’s cybersecurity yet to catch up with exponential increase in smartphone internet access

Nexusguard Research Nexusguard Research
Jul 11, 2019

The devastating effects of hitting mission-critical facilities

Featured Stories

Blog Home
Nexusguard Product
By
August 14, 2018

DDoS Vulnerability Alert: Linux Kernel (ver 4.9+) (CVE-2018-5390)

  DDoS Vulnerabilities CVE-2018-5390 Patch Linux Kernel SegmentSmack

A vulnerability known as “SegmentSmack” was recently discovered in Linux kernels of versions 4.9 or later. An attacker can exploit this vulnerability by remotely sending specially crafted TCP packets to prompt resource-intensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() via open ports, causing CPU saturation and ultimately achieving a denial-of-service (DoS) effect.

 

It is confirmed that all Nexusguard services are not affected by the vulnerability. We are also working with our vendors on the patching of a few non-critical systems they supply. We recommend customers running affected Linux kernels to apply the patches from the following links:

 

https://lkml.org/lkml/2018/7/28/40 (Linux 4.9.116)

https://lkml.org/lkml/2018/7/28/44 (Linux 4.17.11)

Popular Stories

Little droplets form roaring ocean Jan 03, 2019
2019 Will Be an Eventful Period for Cybersecurity Jun 22, 2018
Can “clean pipe” really clean dirty traffic? Jul 17, 2018

Popular Tags

DDoS Cybersecurity Cyber Attack DDoS Protection CSP Amplification Attack DDoS Mitigation Memcached Attack Botnet Malware Vulnerabilities DDoS Attacks Financial Sector IoT Protest Ransom SSDP Satori 4Chan Anarchy Attack Target Banking and Finance Bash Big Data Analytics Bitcoin Blackhat Blackhole CVE-2018-5390 Class-C Clean Pipe Cloud service provider Communications Service Provider DDoS Simulation Platform DDoS Threat Report Data Privacy Data Protection Device Limitations Fatal Blow Forecast G20 Summit GDPR HTML5 HTML5 Ping ISP Lethal Problems Linux Kernel Meltdown Mirai Multi-vector attack Mumsnet Nepel Network Breach Nexusguard Partner Program Origin Protection Patch Pentagon Potential Problem Infrastructures RCE Vulnerability Replay Attacks SegmentSmack Shellshock Spectre TCP SYN flood Torshammer Trojan Turkish General Election Ukrainian Presidential Election Universities Wordpress World Cup big bill cleanpipe cloud cloud service providers ddos for hire government smokescreen telegram zero-day attack

A vulnerability known as “SegmentSmack” was recently discovered in Linux kernels of versions 4.9 or later. An attacker can exploit this vulnerability by remotely sending specially crafted TCP packets to prompt resource-intensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() via open ports, causing CPU saturation and ultimately achieving a denial-of-service (DoS) effect.

Comments Form:

Related articles

Nepal’s cybersecurity yet to catch up with exponential increase in smartphone internet access

The devastating effects of hitting mission-critical facilities

The art of cyberwar: How DDoS attacks turn political situations around