IR Number	FG-IR-16-047
Date	Apr 4, 2017
Severity	Medium
Impact	Information disclosure
CVE ID	CVE-2016-5696
CVRF	Download

Refine Search

PSIRT Advisories

Linux kernel - challenge ack information leak

Summary

net/ipv4/tcp_input.c in certain Linux kernel versions does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.

Affected Products

FortiOS versions

5.2.8 and below
5.4.0 & 5.4.1

FortiAnalyzer versions 5.4.0 & 5.4.1

Solutions

For FortiOS, upgrade to versions

5.2.9 or
5.4.2 or
5.6.0

For FortiAnalyzer, upgrade to version

5.4.2

References

https://nvd.nist.gov/vuln/detail/CVE-2016-5696

Network

Content and Endpoint

Application

Response

FortiNDR

FortiSandbox

FortiTester

PSIRT Advisories