New Linux vulnerability lets attackers hijack VPN connections
Miroslav Lachman
000.fbsd at quip.cz
Sun Dec 8 09:25:44 UTC 2019
https://www.bleepingcomputer.com/news/security/new-linux-vulnerability-lets-attackers-hijack-vpn-connections/
Security researchers found a new vulnerability allowing potential
attackers to hijack VPN connections on affected *NIX devices and inject
arbitrary data payloads into IPv4 and IPv6 TCP streams.
They disclosed the security flaw tracked as CVE-2019-14899 to distros
and the Linux kernel security team, as well as to others impacted such
as Systemd, Google, Apple, OpenVPN, and WireGuard.
The vulnerability is known to impact most Linux distributions and
Unix-like operating systems including FreeBSD, OpenBSD, macOS, iOS, and
Android.
Attacks exploiting CVE-2019-14899 work against OpenVPN, WireGuard, and
IKEv2/IPSec, but the researchers are still testing their feasibility
against Tor.
https://seclists.org/oss-sec/2019/q4/122
--
Miroslav Lachman
More information about the freebsd-security
mailing list