Hosting services provider ServerMania has advised server administrators to address a vulnerability found in Linux’s kernel. ServerMania, whose corporate address is in Stoney Creek, Ontario, Canada, was established in 2002. The company offers a wide range of hosting solutions through four data centers located across the United States. These services include cloud, VPS, dedicated and web hosting solutions, each underpinned by the company’s Surge platform. It is recommending “immediate action to mitigate the risks of the recently discovered off-path vulnerability in the Linux kernel (CVE-2016-5696)”.
Introduced with the release of Linux 3.6, the recently discovered vulnerability can allow hackers to terminate SSL-protected connections and “inject data into non-encrypted connections”, resulting in corruption of the kernel’s TCP connection handling capability. The vulnerability can allow “any sufficiently capable attacker who is able to determine the IP addresses of communicating machines” to mount attacks of a number of different types. Patches that address the vulnerability have been released, and ServerMania recommends that they be applied “as soon as possible”.
“As a provider of managed server hosting, we have proactively applied the necessary patches to protect our clients from the off-path vulnerability,” suggested Kevin Blanchard, the CEO of ServerMania. “However, we’re concerned that many server administrators haven’t been made aware of the vulnerability or have neglected to apply the patch. We want to raise awareness of the potential risks to users and businesses of servers that remain vulnerable to CVE-2016-5696.”