While Unix-based systems are much safer than Windows, they are not exempt from problems. This time a new vulnerability has been reported that affects VPNs. So today we will talk to you about it.
Recently, a new vulnerability has been published that affects Unix-based systems. This new vulnerability registered under the code CVE-2019-14899, shows us that malicious users can compromise the security of VPNs. It has been reported by the University of New Mexico.
What do we mean by compromising security? Well, that an external user can know if a user is connected to a VPN or visiting a certain website. However, it could also hijack all TCP connections that pass through that VPN. That is to say, connections to databases, FTP servers or even entire websites of that server would be at risk.
According to the researchers who have detected the new vulnerability, the steps for the attack are as follows:
- Determining the VPN client’s virtual IP address.
- Using the virtual IP address to make inferences about active connections.
- finally, using the encrypted replies to unsolicited packets to determine the sequence and acknowledgment numbers of the active connection to hijack the TCP session.
Which systems are affected for this new vulnerability?
The affected systems are quite a lot because they cover different versions of Linux, as well as BSD and probably macOS.
So, the expert researchers, has drawn up a non-exhaustive list of distributions that are compromised. The list is as follows:
- Ubuntu 19.10 (systemd)
- Fedora (systemd)
- Debian 10.2 (systemd)
- Arch 2019.05 (systemd)
- Manjaro 18.1.1 (systemd)
- Devuan (sysV init)
- MX Linux 19 (Mepis+antiX)
- Linux Void (runit)
- Slackware 14.2 (rc.d)
- Deepin (rc.d)
- FreeBSD (rc.d)
- OpenBSD (rc.d)
So, we’re talking about a lot of Linux users.
What can we do about it?
This is a vulnerability that happens at a very technical level. Therefore, it is expected that Linux distributions will be launched to make the patch that definitively covers the vulnerability.
However, the experts give some possible temporary solutions:
- Turning reverse path filtering on
- Bogon filtering
- Encrypted packet size and timing
Anyway, keep your system up to date because the patch should be here soon.
So, for more information, I leave you the link to the original publication of the new vulnerability. There you will find many technical details about it.