WiredTree Warns Linux Server Administrators To Update In Wake Of Critical Off-Path Kernel Vulnerability
WiredTree, a leading provider of managed server hosting, has warned Linux server administrators to update their servers in response to Ars Technica's recent discovery of a serious off-path vulnerability in the Linux kernel’s handling of TCP connections.
(PRWEB)September 12, 2016 - WiredTree, a leading provider of managed server hosting, has warned Linux server administrators to update their servers in response to the discovery of a serious off-path vulnerability in the Linux kernel’s handling of TCP connections.
The vulnerability (reported in Ars Technica on 10 August 2016) could be used to inject content into connections between two machines communicating over TCP, which includes most Internet-connected machines. Unlike many such attacks, the vulnerability (CVE-2016-5696) does not require a man-in-the-middle attack — any machine connected to the internet is capable of discovering and interfering with TCP connections.
Kernel developers have since released patches that fix the vulnerability, and many Linux distribution maintainers, including those of the popular CentOS distribution, have integrated those patches into security updates. Server administrators should update their servers’ operating systems as soon as possible.
“This vulnerability is a critical flaw in the mechanism that is almost universally used for communication on the internet — including between web servers and browsers. It allows an attacker to introduce arbitrary data, including code, into the connection,” says Zac Cogswell, President of WiredTree, “Patches have been released and applied to our managed hosting servers, but WiredTree wants to make sure that as many server administrators as possible are made aware of the risks and perform the necessary updates.”
There are some limitations to the effectiveness of the attack. It takes time for an attacker to inject content into TCP connections, and short-lived TCP connections are at substantially less risk. However, many modern websites keep TCP connections alive so that pages can be updated. Web applications in particular tend to use long-lived TCP connections, putting users of those applications at risk for as long as servers remain unpatched. Connections protected by SSL aren’t at risk of having content injected, but the vulnerability can be used to break such connections.
WiredTree strongly urges system administrators to update their servers at the earliest possible convenience to mitigate this serious vulnerability.
WiredTree specializes in delivering managed hosting experience that places the client in complete command; covering virtual, hybrid, and dedicated web hosting. As champions of customer care, it's no wonder that more than 5,000 clients enjoy WiredTree's free hardware level-ups and a <15 minute average ticket response time. All of this is built on top of only the highest-performing technologies, including LiteSpeed web server, MariaDB, memcached, SSD-driven hardware, and an in-house management system called Grove. To learn more about what WiredTree can do for your site, visit http://www.wiredtree.com.
WiredTree was formed in June 2006 to set a new standard for managed dedicated and VPS hosting. The goal was to provide our clients with a superior managed hosting environment for our clients through customer service, innovative network design, a unique suite of services, and the latest technological advances in server hardware. A managed hosting environment that not only supported our clients at all levels, but also provided a true value.To realize this goal we created a modernized internal support structure to better handle client issues and... read more
Leave a Comment