In 2011, security researchers uncovered a significant vulnerability in the Linux kernel affecting both IPv4 and IPv6 networking stacks. This flaw—CVE-2011-3188—allowed remote attackers to hijack connections or disrupt entire network sessions due to weak randomness in TCP sequence numbers and fragment IDs. In this deep-dive post, we’ll explain what happened, examine the vulnerable code, and explore how attackers could exploit it, all in simple terms.

What is CVE-2011-3188?

CVE-2011-3188 is a vulnerability in the Linux kernel (prior to version 3.1) involving the generation of TCP sequence numbers and fragment identification values. Instead of using a strong random number generator, the kernel used a modified version of the MD4 hash algorithm. This created predictable values, making it easier for attackers to:

Why Does This Matter?

TCP sequence numbers and fragment IDs should be unpredictable. If an attacker can guess them, they can insert their own malicious packets, disrupt connections, or take control of sessions. For networks, especially public-facing servers, this is a big deal.

The Vulnerability Explained

For each network packet, Linux needs to pick a fragment ID (for IPv4/IPv6 fragmentation) and TCP sequence numbers. Ideally, these should be hard to guess.

Before kernel version 3.1, Linux derived these values from a cut-down version of the MD4 hash. It was not used as designed: the code ran a modified and only partial MD4, which reduced the unpredictability of the output.

Here’s one of the problematic code snippets from net/ipv4/tcp_input.c:

u32 tcp_v4_init_sequence(const struct sk_buff *skb)
{
    // ... 
    u32 hash = half_md4_transform(...); // Weak hash function!
    return hash;
}

Similarly, fragment IDs for IP packets were generated in a comparable way.

- MD4 is already weak: it is considered insecure for cryptographic purposes.
- Partial/modified use: not even the whole MD4; the truncated rounds weaken it further.
- Inputs are predictable: source/destination IP addresses and port numbers are mostly public knowledge.

1. TCP Session Hijack

If an attacker predicts the next TCP sequence number for a session, they can inject data or reset the connection.

- Injecting commands into the session
- Resetting/closing connections (DoS)

Sample Python Pseudocode

def predict_sequence_number(src_ip, dst_ip, src_port, dst_port):
    # Simplified pseudocode: replicate kernel’s "weak hash" here
    data = str(src_ip) + str(dst_ip) + str(src_port) + str(dst_port)
    guessed_seq = md4_replacement(data) # placeholder, not real MD4
    return guessed_seq

# Now use guessed_seq to craft an attack packet (with scapy, for example)

2. Fragmentation Attacks

Attackers can also predict the identification field for fragmented IP packets, allowing them to tamper with the way packets are reassembled, causing denial of service or data corruption.

Real-World Impact

Back in 2011, this bug potentially exposed many Linux systems—servers, IoT devices, even desktops—to straightforward network manipulation. Any attacker with the ability to observe or guess the communication endpoints could attempt to hijack or disrupt active connections.

*This affects all Linux kernels prior to version 3.1.*

Fix and Mitigation

The fix: kernel developers replaced the modified MD4 function with a more robust and unpredictable generator for TCP sequence numbers and fragment IDs.
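As an added illustration (not code from this post or from the kernel), the shape such a generator takes: a keyed hash over the public 4-tuple plus a clock term, in the RFC 6528 form ISN = M + F(local ip, local port, remote ip, remote port, secret). The secret values, the addresses and the 64 ns clock step are constructed assumptions of the example; the point it shows is that without the secret, the output is a function of public data alone.

```python
import hashlib
import ipaddress
import struct

# Constructed sample secrets; a real host draws its secret from the kernel CSPRNG at boot.
SECRET_HOST_A = b"\x01" * 16
SECRET_HOST_B = b"\x02" * 16


def _f(local_ip, local_port, remote_ip, remote_port, secret):
    # F(): keyed hash over the 4-tuple. Addresses and ports are public; only the
    # secret makes the result unpredictable to an observer. MD5 is used as the
    # mixing function here; handles IPv4 and IPv6 via the packed address form.
    msg = (ipaddress.ip_address(local_ip).packed
           + ipaddress.ip_address(remote_ip).packed
           + struct.pack("!HH", local_port, remote_port)
           + secret)
    return struct.unpack("!I", hashlib.md5(msg).digest()[:4])[0]


def isn_keyed(local_ip, local_port, remote_ip, remote_port, secret, clock_ns):
    # ISN = M + F(...), with M advancing one step per 64 ns (granularity assumed).
    m = (clock_ns // 64) & 0xFFFFFFFF
    return (_f(local_ip, local_port, remote_ip, remote_port, secret) + m) & 0xFFFFFFFF


def isn_unkeyed(local_ip, local_port, remote_ip, remote_port, clock_ns):
    # The property the bug lacked: with no secret, anyone who knows the 4-tuple
    # and roughly the clock can recompute the same value.
    return isn_keyed(local_ip, local_port, remote_ip, remote_port, b"", clock_ns)


def ip_id_keyed(remote_ip, secret):
    # Same idea for the 16-bit IP identification field: hash of destination + secret.
    digest = hashlib.md5(ipaddress.ip_address(remote_ip).packed + secret).digest()
    return struct.unpack("!H", digest[:2])[0]


def differs_across_secrets(local_ip, local_port, remote_ip, remote_port):
    # Self-check a defender can run: two hosts that differ only in their secret must
    # disagree on the ISN for the same public 4-tuple. The unkeyed form never does.
    a = isn_keyed(local_ip, local_port, remote_ip, remote_port, SECRET_HOST_A, 0)
    b = isn_keyed(local_ip, local_port, remote_ip, remote_port, SECRET_HOST_B, 0)
    return a != b


if __name__ == "__main__":
    tup = ("10.0.0.1", 443, "192.0.2.7", 51234)  # constructed sample connection
    print("keyed ISN differs between hosts:", differs_across_secrets(*tup))
    print("unkeyed ISN recomputable by anyone:", isn_unkeyed(*tup, 0) == isn_unkeyed(*tup, 0))
```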

References and Further Reading

- CVE-2011-3188 entry at NIST NVD
- Linux Kernel Patch (LKML Mailing List)
- Red Hat Security Advisory
- Original bug discussion and patch
- Wikipedia: TCP Sequence Prediction Attack

The Bottom Line

Even small mistakes in pseudo-random number generation can undermine the security of critical network protocols. CVE-2011-3188 was a prime example—highlighting why secure randomness and cryptographic standards matter, even in kernels.

If you’re running Linux from before 2011, it’s time to patch. And always remember: predictable values are the enemy of security.


*This article is exclusive to this channel and provides a simplified explanation for security learners and sysadmins interested in kernel vulnerabilities.*

Timeline

Published on: 05/24/2012 23:55:00 UTC
Last modified on: 02/13/2023 04:32:00 UTC