News

SegmentSmack and FragmentSmack Vulnerability

CVE-2018-5390 & CVE-2018-5391

As you may be aware from the media, two security flaws were found in the way the Linux kernel handled specially crafted segmented TCP packets. The security flaws have been dubbed “SegmentSmack” and “FragmentSmack”. 

While the impacts of these vulnerabilities are still developing, we would like to advise our clients that we will be updating this dedicated webpage with information as it becomes available to us. 

If the risk level changes significantly, we will notify our clients directly by email as new information becomes available.

The Threat 

Flaws named FragmentSmack and SegmentSmack were found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use these flaws to trigger a resource-intensive fragment reassembly algorithm by sending specially crafted packets, which could lead to CPU saturation and a denial of service on target systems.
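For monitoring, the following added example (not part of the original advisory or any vendor tooling) computes IPv4 fragment-reassembly rates from two snapshots of the `Ip:` counters that Linux exposes in `/proc/net/snmp`. The sample snapshots, the 10-second interval and both thresholds are constructed assumptions to be tuned against a host's normal traffic.

```python
# Constructed /proc/net/snmp "Ip:" snapshots (values invented for illustration).
HEADER = ("Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors "
          "ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests "
          "OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails "
          "FragOKs FragFails FragCreates\n")
SAMPLE_T0 = HEADER + "Ip: 2 64 100000 0 0 0 0 0 99000 80000 0 0 3 1200 590 10 0 0 0\n"
SAMPLE_QUIET = HEADER + "Ip: 2 64 101000 0 0 0 0 0 99900 80500 0 0 3 1400 690 10 0 0 0\n"
SAMPLE_FLOOD = HEADER + "Ip: 2 64 1000000 0 0 0 0 0 99100 80100 0 0 3 901200 600 850010 0 0 0\n"


def parse_ip_counters(text):
    """Return {counter_name: int} for the Ip: section of /proc/net/snmp text."""
    rows = [ln.split()[1:] for ln in text.splitlines() if ln.startswith("Ip:")]
    if len(rows) != 2 or len(rows[0]) != len(rows[1]):
        raise ValueError("expected one Ip: header line and one Ip: value line")
    # Key by header name so extra or reordered columns do not break parsing.
    return dict(zip(rows[0], map(int, rows[1])))


def reassembly_pressure(before, after, interval_s):
    """Reassembly request rate and failure ratio between two snapshots."""
    keys = ("ReasmReqds", "ReasmOKs", "ReasmFails", "ReasmTimeout")
    delta = {k: after[k] - before[k] for k in keys}
    if any(v < 0 for v in delta.values()):
        raise ValueError("counter decreased (reboot or wrap); resample")
    reqds = delta["ReasmReqds"]  # fragments received that needed reassembly
    return {
        "frags_per_s": reqds / interval_s,
        # Heuristic: share of reassembly work that ended in failure.
        "fail_ratio": delta["ReasmFails"] / reqds if reqds else 0.0,
        "timeouts": delta["ReasmTimeout"],
    }


def is_suspicious(stats, max_frags_per_s=5000, max_fail_ratio=0.5):
    """Flag a high fragment rate where most reassembly fails (assumed thresholds)."""
    return (stats["frags_per_s"] > max_frags_per_s
            and stats["fail_ratio"] > max_fail_ratio)


if __name__ == "__main__":
    t0 = parse_ip_counters(SAMPLE_T0)
    for name, sample in (("quiet", SAMPLE_QUIET), ("flood", SAMPLE_FLOOD)):
        stats = reassembly_pressure(t0, parse_ip_counters(sample), 10)
        print(name, stats, "ALERT" if is_suspicious(stats) else "ok")
```

On a live host, pass the contents of `/proc/net/snmp` read at two points in time instead of the constructed samples; this covers IPv4 counters only.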

Recommendations

While the impacts of this vulnerability are still developing, we would like to advise our clients that we are reviewing this with our vendors and assessing the best action for you to take to mitigate this threat.

If you have any immediate concerns about this threat to your business, please feel free to contact your Integrity360 account manager directly.

We will continue to update you as information becomes available. 

Check Point has now provided an official response to this vulnerability.

Last Update: 01:00pm 20/08/2018