CVE-2019-11477
Date: June 18, 2019
Overview
A kernel panic or a denial of service in Linux can be triggered by an integer overflow. An attacker sends a crafted sequence of selective acknowledgments (SACKs) on a TCP connection with a small MSS value, leading to a crash.
Details
SACK, or selective acknowledgment, is part of the loss detection mechanism in TCP. A data receiver uses SACK to confirm which segments it has received successfully. This enables the sender to retransmit the missing segments of a stream. If a stream transmission was incomplete, SACK eliminates the need for larger retransmits. Thus, enabling SACK improves the efficiency of a network.
Any TCP segment has a header that contains information about the segment size. Specifically, the MSS, or maximum segment size, tells the receiving device the largest amount of data it can receive, in bytes. If the MSS value is too small, the number of segments increases significantly. This can cause congestion and result in a complete stall. Usually, the MSS is set to default values by the operating system.
A malicious actor leverages privileged access to manipulate the MSS value. A crafted sequence of SACK segments with a small MSS value is used to carry out the attack. The integer overflow occurs in the TCP_SKB_CB(skb)->tcp_gso_segs value when such an attack is accomplished.
Affected Environments
All Linux-based systems running kernel version 2.6.29 or above
Remediation
Patches are available from major vendors for specific products. This information is available in their security bulletins:
Amazon: https://aws.amazon.com/security/security-bulletins/AWS-2019-005/
SUSE: https://www.suse.com/de-de/support/kb/doc/?id=7023928
Cloudflare: https://twitter.com/jgrahamc/status/1140724787242819585
Red Hat: https://access.redhat.com/security/vulnerabilities/tcpsack
Debian: https://www.debian.org/security/2019/dsa-4465
Ubuntu: https://usn.ubuntu.com/4017-1/
VMware: https://www.vmware.com/security/advisories/VMSA-2019-0010.html
IBM: https://www.ibm.com/support/pages/security-bulletin-vulnerabilities-kernel-affect-power-hardware-management-console-cve-2019-11479cve-2019-11477-and-cve-2019-11478
Prevention
Disable SACK
Drop connection for low MSS value fragments
Language: C
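A host check for the two prevention items above, added here as an example and not part of the original advisory. It reads the `net.ipv4.tcp_sack` sysctl and an `iptables-save` dump; the function names, the file arguments and the 1:500 MSS range in the comment are assumptions of this example, and it checks only the workarounds, not whether a vendor patch is installed.

```shell
#!/bin/sh
# Added example (not from the advisory). Function names are hypothetical.
# Workarounds being checked, as an administrator would apply them as root:
#   sysctl -w net.ipv4.tcp_sack=0
#   iptables -I INPUT -p tcp --tcp-flags SYN SYN -m tcpmss --mss 1:500 -j DROP
# The 1:500 range is an assumed threshold; tune it to your own traffic.

# sack_disabled [DIR]: true when DIR/tcp_sack reads 0 (SACK off).
sack_disabled() {
    dir=${1:-/proc/sys/net/ipv4}
    [ -r "$dir/tcp_sack" ] || return 2
    [ "$(tr -d '[:space:]' < "$dir/tcp_sack")" = "0" ]
}

# low_mss_drop_ceiling FILE: FILE holds iptables-save output. Prints the top of
# the widest INPUT DROP range that starts at MSS 1, or 0 if there is none.
# Ranges starting above 1 and negated matches are ignored because they leave
# the smallest MSS values uncovered.
low_mss_drop_ceiling() {
    awk '
      /^-A INPUT / && /-m tcpmss/ && /-j DROP/ {
        for (i = 2; i < NF; i++)
          if ($i == "--mss" && $(i - 1) != "!") {
            n = split($(i + 1), r, ":")
            hi = (n == 2) ? r[2] : r[1]
            if (r[1] + 0 <= 1 && hi + 0 > max) max = hi + 0
          }
      }
      END { print max + 0 }' "$1"
}

# audit DIR FILE: one-line verdict; exit status 0 only if a workaround is active.
audit() {
    if sack_disabled "$1"; then
        echo "mitigated: SACK disabled"; return 0
    fi
    ceil=$(low_mss_drop_ceiling "$2")
    if [ "$ceil" -gt 0 ]; then
        echo "mitigated: MSS 1:$ceil dropped at INPUT"; return 0
    fi
    echo "exposed: SACK enabled, no low-MSS drop rule"; return 1
}
```

On a live host, save `iptables-save` output to a file and run `audit /proc/sys/net/ipv4 <file>`. Dropping low-MSS connections can also reject legitimate peers that negotiate a small MSS, so review the range before applying it.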
Good to know:
CVSS v3
Base Score: | |
---|---|
Attack Vector (AV): | Network |
Attack Complexity (AC): | Low |
Privileges Required (PR): | None |
User Interaction (UI): | None |
Scope (S): | Unchanged |
Confidentiality (C): | None |
Integrity (I): | None |
Availability (A): | High |

CVSS v2
Base Score: | |
---|---|
Access Vector (AV): | Network |
Access Complexity (AC): | Low |
Authentication (AU): | None |
Confidentiality (C): | None |
Integrity (I): | None |
Availability (A): | Complete |