Two related security flaws were discovered: FragmentSmack and its sibling SegmentSmack, which relies on specially crafted TCP packets to trigger a DoS (denial-of-service) condition. Here we will focus on the FragmentSmack vulnerability.
The FragmentSmack vulnerability is a DoS bug that allows an unauthenticated attacker to drive CPU usage through the roof on affected machines with abnormal IPv4 or IPv6 packets, jamming servers and rendering them unresponsive. Systems under a FragmentSmack DoS attack are inoperable for the duration of the attack. As soon as the packet stream stops, the operating system recovers and CPU usage returns to normal.
Cisco Product Vulnerability and Solution
Any product or service using Linux kernel 3.9 or later is vulnerable to the FragmentSmack bug; Cisco is currently looking into its product line to determine which products are affected. Over 80 products are affected by the FragmentSmack vulnerability, many of which are expected to be fixed by February 2019, according to a list assembled by the networking hardware manufacturer.
Many of the products currently under investigation are designed for enterprises and service providers in the routing and switching category. If you’re interested in a full list of products known to be affected by FragmentSmack, check the advisory list here.
Until a patch becomes available for your specific product or service there may be a “Workaround” available to you. You can check your product-specific documentation or the platform-dependent workarounds to see what is available to you. Both are listed in the “Vulnerable Products” section of the advisory link above.
Windows Systems Vulnerability and Solution
The Microsoft vulnerability affects all versions of Windows 7 through 10 (including 8.1 RT), Server 2008, 2012, 2016, and Core Installations that don’t have the latest set of security updates installed. IP fragmentation attacks are a known form of DoS, where the victim’s computer receives multiple IP packets of a smaller size that are expected to be reassembled into their original form at the destination.
The effect is that the CPU of the machine reaches 100% and renders the operating system unresponsive until the attacker stops sending malformed IP packets.
Microsoft suggests using the command below to disable packet reassembly as a workaround for the FragmentSmack vulnerability DoS bug:
The command drops any packets that arrive out of order, increasing the potential for packet loss. To avoid any problems, there should not be more than 50 out-of-order packets.
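The workaround described above, written out as an added example (not taken from the original page): Microsoft's published workaround sets the netsh reassemblylimit parameter to 0 for both IPv4 and IPv6. The backup file path is a hypothetical choice, and English-language netsh output is assumed for the verification step.

```powershell
# Added example, not from the original page. Run in an elevated PowerShell session.
# "reassemblylimit" is the netsh global parameter that Microsoft's FragmentSmack
# workaround changes; a value of 0 disables reassembly of fragmented packets.

$backup = Join-Path $env:TEMP 'reassembly-before.txt'   # hypothetical backup path
$families = 'ipv4', 'ipv6'

# 1. Record the current global settings so the original limit can be restored
#    once the security update is installed.
foreach ($family in $families) {
    "== $family ==" | Add-Content -Path $backup
    netsh interface $family show global | Add-Content -Path $backup
}

# 2. Apply the workaround to both address families and stop on any failure.
foreach ($family in $families) {
    netsh interface $family set global reassemblylimit=0
    if ($LASTEXITCODE -ne 0) {
        throw "netsh failed for $family (exit code $LASTEXITCODE)"
    }
}

# 3. Verify: show the reassembly limit now in effect for each family.
#    (Matches the English label; adjust the pattern on localized systems.)
foreach ($family in $families) {
    netsh interface $family show global | Select-String -Pattern 'Reassembly'
}

# To revert after patching, set the limit back to the value saved in $backup:
#   netsh interface ipv4 set global reassemblylimit=<recorded value>
#   netsh interface ipv6 set global reassemblylimit=<recorded value>
```

Because fragmented traffic is dropped while the limit is 0, test on a non-production host first and watch for applications that depend on fragmented packets.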
The FragmentSmack vulnerability has affected Cisco and Windows operating systems; however, patches are now available for both Linux (some products and services, with more coming each day) and Windows.