FragmentSmack (CVE-2018-5391) Old Windows DoS Flaw Returns

A denial-of-service vulnerability typical of older versions of Windows has resurfaced in the operating system. The security flaw has been dubbed FragmentSmack (identical to SegmentSmack in Linux) and has been given the CVE-2018-5391 identifier. As explained in Microsoft’s advisory, “an attacker could send many 8-byte sized IP fragments with random starting offsets, but withhold the last fragment and exploit the worst-case complexity of linked lists in reassembling IP fragments”.

As a result of the DoS, the targeted system becomes unresponsive at 100% CPU utilization: the processor is fully occupied with fragment reassembly, and the operating system stops responding. Nonetheless, the system recovers the moment the attack ends.

More about FragmentSmack (CVE-2018-5391)

CVE-2018-5391 affects all versions of Windows, from Windows 7 to 10 (including 8.1 RT), Server 2008, 2012, 2016, as well as Core Installations that haven’t applied the security updates released in September 2018 Patch Tuesday.

The flaw was given the FragmentSmack nickname because it abuses IP fragmentation. Briefly, IP fragmentation is the process of breaking a packet into smaller pieces (fragments) so that they can pass through a link whose maximum transmission unit (MTU) is smaller than the original packet size. It should be noted that IP fragmentation attacks are a common form of DoS attack, in which the attacker overwhelms a network by exploiting the datagram fragmentation mechanism.

As for the FragmentSmack attack in particular, it is a TCP fragmentation type of attack, also known as a Teardrop attack. This attack is known to target TCP/IP reassembly mechanisms, preventing them from reassembling fragmented data packets. As a result, the data packets overlap and quickly overwhelm the victim’s servers, causing them to fail, Incapsula researchers explain.
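To make the mechanism described above concrete, here is an added example (not code from the post, from Microsoft, or from any operating system's network stack) that models a toy IPv4 fragment reassembler. It shows how fragments are cut and re-joined, why a queue that never completes is expensive when kept as a sorted linked list, and what a bounded reassembler does differently: an ordered container plus a per-datagram fragment cap that evicts the incomplete datagram. The `MAX_FRAGMENTS` value, the comparison counters and the traffic fed to `simulate_withheld_last_fragment` are all constructed for illustration and are not any vendor's defaults or measurements.

```python
"""Toy IPv4 fragment reassembly, constructed to illustrate CVE-2018-5391:
a sorted linked list costs O(n) comparisons per insert, so a datagram that
never completes, fed 8-byte fragments at random offsets, burns O(n^2) CPU.
Not the Windows or Linux implementation; values below are illustrative."""
import bisect
import random

FRAG_UNIT = 8  # IPv4 fragment offsets are counted in 8-octet units


def fragment(payload: bytes, mtu_payload: int):
    """Split a datagram payload into (offset_units, more_fragments, data)
    tuples the way a router would: every non-final fragment carries a
    multiple of 8 bytes so that the next fragment's offset is expressible."""
    chunk = (mtu_payload // FRAG_UNIT) * FRAG_UNIT
    frags = []
    for pos in range(0, len(payload), chunk):
        data = payload[pos:pos + chunk]
        more = pos + chunk < len(payload)   # MF flag: False only on the last piece
        frags.append((pos // FRAG_UNIT, more, data))
    return frags


class LinkedListReassembler:
    """Fragments kept in a singly linked list ordered by offset, the shape
    behind the advisory's 'worst-case complexity of linked lists'.
    `compares` counts list-walk steps as a proxy for CPU time."""
    def __init__(self):
        self.head = None
        self.compares = 0

    def add(self, offset, more, data):
        node = [offset, more, data, None]
        prev, cur = None, self.head
        while cur is not None and cur[0] < offset:   # walk to the insert point
            self.compares += 1
            prev, cur = cur, cur[3]
        node[3] = cur
        if prev is None:
            self.head = node
        else:
            prev[3] = node


class BoundedReassembler:
    """Same job with two defensive limits: an ordered container (binary search,
    ~log n comparisons) and a per-datagram fragment cap that evicts the whole
    incomplete queue instead of letting it grow. MAX_FRAGMENTS is an
    illustrative policy value, not any vendor's default."""
    MAX_FRAGMENTS = 64

    def __init__(self):
        self.frags = []      # sorted list of (offset_units, more, data)
        self.compares = 0
        self.evicted = False

    def add(self, offset, more, data):
        if self.evicted:
            return False
        if len(self.frags) >= self.MAX_FRAGMENTS:
            self.frags = []          # drop the incomplete datagram entirely
            self.evicted = True
            return False
        self.compares += max(1, len(self.frags).bit_length())  # ~log2(n) steps
        bisect.insort(self.frags, (offset, more, data))
        return True

    def complete(self):
        """Return the payload once every byte up to a final (MF=0) fragment is
        present and contiguous; any gap, overlap or missing tail gives None."""
        if not self.frags or self.frags[-1][1]:
            return None
        expected, out = 0, bytearray()
        for offset, _more, data in self.frags:
            if offset * FRAG_UNIT != expected:
                return None
            out += data
            expected += len(data)
        return bytes(out)


def simulate_withheld_last_fragment(n_fragments: int, seed: int = 1):
    """Feed n 8-byte fragments with distinct random offsets, all with MF=1 so
    the datagram never completes, and report the work each structure did.
    Constructed in-memory input for measurement; nothing is sent on a network."""
    rng = random.Random(seed)
    offsets = rng.sample(range(n_fragments * 4), n_fragments)
    naive, bounded = LinkedListReassembler(), BoundedReassembler()
    for off in offsets:
        naive.add(off, True, b"A" * FRAG_UNIT)
        bounded.add(off, True, b"A" * FRAG_UNIT)
    return {"linked_list_compares": naive.compares,
            "bounded_compares": bounded.compares,
            "bounded_evicted": bounded.evicted}


if __name__ == "__main__":
    print(simulate_withheld_last_fragment(400))
```

The linked-list count grows roughly with the square of the fragment count, which is the CPU pattern the post describes; the bounded reassembler stops at its cap and discards the datagram, so an incomplete queue can never cost more than a fixed amount of work or memory. A real stack also ages queues out with a reassembly timeout, which this model omits.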

It should also be noted that these attacks are due to (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | authored by Milena Dimitrova. Read the original post at: