Patch/Configuration Management, Vulnerability Management

Netflix patches Linux SACK vulnerability

Netflix researchers uncovered several security vulnerabilities, within the TCP implementations on Linux and FreeBSD kernels.

The most severe of the flaws is the SACK Panic vulnerability, which could allow an attacker to remotely induce a kernel panic within recent Linux operating systems, according to a June 17 OpenWall blog post.

A kernel panic is a vulnerability where an operating system cannot easily recover, or in some cases not recover at all potentially forcing a restart of a targeted host, causing a temporary shutdown in services.

Netflix found a total of four separate vulnerabilities, each with their own distinct behaviors all pertaining to the same part of the Linux and FreeBSD TCP implementation.

Each vulnerability is patchable and, in many cases, there are workarounds for users who for whatever reason can’t make drastic modifications.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.