CVE-2016-5696 Advisory

CVE-2016-5696 - has been identified as a vulnerability in the Linux kernel's tcp stack implementation (kernel versions 3.6 to 4.6).  At a high-level, a patient adversary can leverage rate-limited challenge ACK's on a non-secure tcp connection to conduct a hijacking attack.


net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack.

Find out more about CVE-2016-5696 from the MITRE CVE dictionary and NIST NVD.


Are KEMP LoadMasters Appliances affected?

All LoadMasters are affected. If you need further information on this issue, or access to a patch please contact our support team.  You can open a support ticket here.


This document is a living document and will be updated as more information becomes available

Was this article helpful?

5 out of 8 found this helpful