Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2019-11477

Date: June 18, 2019

Overview

A kernel panic or a denial of service in Linux can be triggered by an integer overflow. An attacker sends a crafted sequence of selective acknowledgments (SACK) on a TCP with a small value of MSS leading to a crash.

Details

SACK or selective acknowledgment is a part of the loss detection mechanism in TCP. A data receiver uses SACK to confirm the receipt of successful segments. This enables the senders to retransmit missing segments from a stream. In case a stream transmission was incomplete, SACK eliminates the need for larger retransmits. Thus, enabling SACK improves the efficiency of a network. Any TCP segment has a header that contains information about the segment size. Specifically, MSS or maximum segment size tells the receiving device the largest amount of data it can receive in bytes. If the MSS value is too small, the number of segments is increased significantly. This can cause congestions and result in a complete stall. Usually, the MSS is set to default values by the operating systems. A malicious actor leverages privileged access to manipulate the MSS value. A crafted sequence of SACK segments with a small MSS value is used to carry out the attack. The integer overflow occurs in the TCP_SKB_CB(skb)->tcp_gso_segs value when such an attack is accomplished.

Affected Environments

All Linux OS based systems with kernel version 2.6.29 or above

Remediation

Patches are available from major vendors for specific products. This information is available on their security bulletins: Amazon: https://aws.amazon.com/security/security-bulletins/AWS-2019-005/ SUSE: https://www.suse.com/de-de/support/kb/doc/?id=7023928 Cloudflare: https://twitter.com/jgrahamc/status/1140724787242819585 Redhat: https://access.redhat.com/security/vulnerabilities/tcpsack Debian: https://www.debian.org/security/2019/dsa-4465 Ubuntu: https://usn.ubuntu.com/4017-1/ Vmware: https://www.vmware.com/security/advisories/VMSA-2019-0010.html IBM:https://www.ibm.com/support/pages/security-bulletin-vulnerabilities-kernel-affect-power-hardware-management-console-cve-2019-11479cve-2019-11477-and-cve-2019-11478

Prevention

Disable SACK Drop connection for low MSS value fragments

Language: C

Good to know:

icon
icon

Integer Overflow or Wraparound

CWE-190
icon

Upgrade Version

Upgrade to version v5.2-rc6

Learn More

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High
Base Score:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (AU): None
Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Additional information:

Related Resources (34)

https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff
https://nvd.nist.gov/vuln/detail/CVE-2019-11477
https://access.redhat.com/security/cve/CVE-2019-11477
https://access.redhat.com/errata/RHSA-2019:1594
https://www.kb.cert.org/vuls/id/905115
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en
https://access.redhat.com/errata/RHSA-2019:1699
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://security-tracker.debian.org/tracker/CVE-2019-11477
https://support.f5.com/csp/article/K78234183
http://www.openwall.com/lists/oss-security/2019/06/20/3
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt
http://www.openwall.com/lists/oss-security/2019/10/24/1
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006
https://www.synology.com/security/advisory/Synology_SA_19_28
https://www.us-cert.gov/ics/advisories/icsa-19-253-03
https://access.redhat.com/errata/RHSA-2019:1602
http://www.openwall.com/lists/oss-security/2019/10/29/3
https://kc.mcafee.com/corporate/index?page=content&id=SB10287
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
http://www.openwall.com/lists/oss-security/2019/06/28/2
http://www.vmware.com/security/advisories/VMSA-2019-0010.html
https://security.netapp.com/advisory/ntap-20190625-0001/
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic
https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11477
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193
http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html
https://www.oracle.com/security-alerts/cpujan2020.html
http://www.openwall.com/lists/oss-security/2019/07/06/4
http://www.openwall.com/lists/oss-security/2019/07/06/3
https://access.redhat.com/security/vulnerabilities/tcpsack
https://www.mend.io/vulnerability-database/CVE-2019-11477