
Dangerous vulnerability allows interception of VPN connections


Darkside707


The problem affects Linux, Android, macOS, and other Unix-based operating systems.

University of New Mexico specialists released information on a vulnerability affecting Ubuntu, Fedora, Debian, FreeBSD, OpenBSD, macOS, iOS, Android and other Unix-based operating systems. The problem makes it possible to eavesdrop on and intercept VPN connections, as well as inject arbitrary data into IPv4 and IPv6 TCP streams.

The vulnerability, which received the identifier CVE-2019-14899, is associated with the network stacks of Unix-based operating systems, in particular with the way the OS reacts to unexpected network packets. According to researchers, this vulnerability could be exploited by cybercriminals to learn more about the status of a user's VPN connection. Attacks can be carried out from a malicious access point or router, or by attackers located on the same network as the victim. Thus, an attacker can "determine whether the user is connected to the VPN, find out the virtual IP address assigned by the VPN server, as well as the presence of an active connection to any site."

Moreover, the research team also managed to find out the exact sequence of packets in certain VPN connections, which can be used to inject data into TCP streams and intercept connections.

Experts have successfully tested the vulnerability in the following operating systems:

Ubuntu 19.10 (systemd)

Fedora (systemd)

Debian 10.2 (systemd)

Arch 2019.05 (systemd)

Manjaro 18.1.1 (systemd)

Devuan (sysV init)

MX Linux 19 (Mepis + antiX)

Void Linux (runit)

Slackware 14.2 (rc.d)

Deepin (rc.d)

FreeBSD (rc.d)

OpenBSD (rc.d)

According to them, the vulnerability also extends to Android, iOS and macOS. As noted, most of the tested Linux distributions using versions of systemd released after November 28, 2018 are vulnerable - in these versions Reverse Path Filtering is disabled.

Attacks exploiting this vulnerability are also relevant for OpenVPN, WireGuard, and IKEv2/IPSec. Although the vulnerability has not been tested with respect to Tor, the researchers believe that the problem does not affect the network, since it "works at the SOCKS level, and authentication and encryption are carried out in the user space."
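
The post ties exposure on Linux to Reverse Path Filtering being switched off. The following is an added example, not part of the original post or the researchers' material: a shell function that reports the effective IPv4 `rp_filter` mode of every interface and flags anything that is not strict. It assumes the standard Linux sysctl tree under `/proc/sys/net/ipv4/conf` and the kernel's documented rule that the effective value is the larger of the `all` and per-interface settings; the function name and its optional directory argument are hypothetical.

```shell
#!/bin/sh
# Added example: audit IPv4 reverse path filtering (rp_filter) per interface.
# Kernel rule (ip-sysctl documentation): the value used for an interface is
# the maximum of conf/all/rp_filter and conf/<iface>/rp_filter.
#   0 = no source validation, 1 = strict mode, 2 = loose mode
#
# rp_filter_audit [CONF_DIR]
#   Prints "<iface> <effective value> <mode>" for each interface.
#   Returns 0 if every interface is strict, 1 if any is loose or off,
#   2 if the sysctl tree cannot be read.
#   CONF_DIR defaults to the live tree; it is a parameter only so the
#   function can also be run against a constructed directory.
rp_filter_audit() {
    conf_dir=${1:-/proc/sys/net/ipv4/conf}
    all=$(cat "$conf_dir/all/rp_filter" 2>/dev/null) || {
        echo "cannot read $conf_dir/all/rp_filter" >&2
        return 2
    }
    not_strict=0
    for path in "$conf_dir"/*/rp_filter; do
        iface=$(basename "$(dirname "$path")")
        # "all" and "default" are templates, not real interfaces.
        case $iface in all|default) continue ;; esac
        own=$(cat "$path")
        if [ "$own" -gt "$all" ]; then eff=$own; else eff=$all; fi
        case $eff in
            1) mode=strict ;;
            2) mode=loose; not_strict=1 ;;
            *) mode=off; not_strict=1 ;;
        esac
        echo "$iface $eff $mode"
    done
    return $not_strict
}
```

Called with no argument, `rp_filter_audit` reads the running host's settings; the `rp_filter` sysctl covers IPv4 only, so IPv6 needs a separate check.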
