Linux kernel vulnerability endangers web servers and Android devices

A recent cybersecurity report reveals that up to 5% of all web servers worldwide could be exposed to a Linux kernel security weakness. The issue could also be affecting millions of Android OS users, which poses a critical risk.

Successful exploitation would allow threat actors to deploy a variant of the so-called “cross-layer” attacks, which target a security problem in the Linux kernel's Pseudo Random Number Generator (PRNG). The attack is possible due to the UDP source port generation algorithm, the IPv6 flow label generation algorithm and the IPv4 generation algorithm on some Linux systems.

All this information could be used by threat actors in order to predict the random number value in other OSI layer implementations.

According to the report, this attack could lead to DNS cache poisoning scenarios affecting Linux systems. A successful attack could also allow hackers to track Linux and Android devices vulnerable to other attack variants. This kernel weakness was reported by Amit Klein, a cybersecurity specialist at SafeBreach.

The expert also mentioned that there is a more powerful variant of the attack that could be exposing Ubuntu servers: “About 13.4% of web servers running this distro have the required conditions for a successful exploitation campaign; nonetheless, this is just my estimation so the number of potentially exposed servers could be bigger”, Klein says.

As mentioned above, the PRNG weakness could also allow malicious hackers to exploit web-based tracking on Linux and Android devices: “The attack can be used to track people across networks, and even when the browser privacy mode is used, or while using a VPN solution”, Klein mentioned. A security patch for Android was released last October, but users can fully prevent such a scenario by using Tor or even a proxy.

It is worth noting that only Linux and Android systems, as well as those running on top of the Linux kernel, are vulnerable. Other Unix-based systems, such as macOS, use different PRNG algorithms, according to the report. The solution for Linux users is to replace the weak PRNG with stronger algorithms.