Investigation of the 2016 Linux TCP Stack Vulnerability at Scale

摘要

In this work we analyzed the impact of the recent challenge ACK vulnerability in Linux kernel, including (1) who was initially vulnerable, (2) patching behavior over time, by hosting services, and by network services (3) how notification affects the patching behavior. In general, we find that many in the top websites were vulnerable and remain vulnerable for an extended period of time. We find that the hosting services behind many of the top websites in fact have a surprisingly diverse and sometimes opposite patching behavior. We show that Linux kernel patching has some interesting differences from the recent Heartbleed and the Debian weak key event. The lessons and data collected will hopefully help the community better react to future Internet-wide security events.