New vulnerability lets attackers sniff or hijack VPN connections

Academics disclosed this week a security flaw impacting Linux, Android, macOS, and other Unix-based operating systems that allows an attacker to sniff, hijack, and tamper with VPN-tunneled connections.

The vulnerability -- tracked as CVE-2019-14899 -- resides in the networking stacks of multiple Unix-based operating systems, and more specifically, in how the operating systems reply to unexpected network packet probes.

According to the research team, attackers can use this vulnerability to probe devices and discover various details about the user's VPN connection status.

Attacks can be carried out from a malicious access point or router, or by an attacker present on the same network "to determine if another user is connected to a VPN, the virtual IP address they have been assigned by the VPN server, and whether or not there is an active connection to a given website."

Furthermore, the research team claims they were also able to determine the exact packet sequence in certain VPN connections.

"This allows us to inject data into the TCP stream and hijack connections," said William J. Tolley, one of the three members of the Breakpointing Bad research team at the University of New Mexico.

MULTIPLE OPERATING SYSTEMS IMPACTED

The team said they tested and successfully exploited the vulnerability on the following operating systems:
  • Ubuntu 19.10 (systemd)
  • Fedora (systemd)
  • Debian 10.2 (systemd)
  • Arch 2019.05 (systemd)
  • Manjaro 18.1.1 (systemd)
  • Devuan (sysV init)
  • MX Linux 19 (Mepis+antiX)
  • Void Linux (runit)
  • Slackware 14.2 (rc.d)
  • Deepin (rc.d)
  • FreeBSD (rc.d)
  • OpenBSD (rc.d)

Other Unix-based operating systems like Android and macOS are also impacted.

The research team said their attack worked against VPN technologies like OpenVPN, WireGuard, and IKEv2/IPSec, and possibly others, as "the VPN technology used does not seem to matter."


Read more: New vulnerability lets attackers sniff or hijack VPN connections | ZDNet