CVE-2019-11477: Linux Flaw Discovered by Netflix Researcher

A number of Linux and FreeBSD servers and systems are exposed to a denial-of-service vulnerability dubbed SACK Panic, as well as other forms of attacks.

Four security vulnerabilities affecting a range of Linux and FreeBSD servers were unearthed by a Netflix Information Security researcher, Jonathan Looney. One of the vulnerabilities, dubbed SACK Panic, is more dangerous than the others, as it could lead to a remotely triggered kernel panic.




According to the official document, the vulnerabilities relate to the minimum segment size (MSS) and TCP Selective Acknowledgement (SACK) capabilities. The most serious one is called SACK Panic, and could allow a remotely-triggered kernel panic on recent Linux kernels.

Here’s a list of the vulnerabilities:

CVE-2019-11477, also known as SACK Panic

The vulnerability affects Linux 2.6.29 and higher.

According to the official description, a sequence of SACKs may be crafted to trigger an integer overflow, leading to a kernel panic. A kernel panic means that the operating system cannot recover quickly or, in some cases, at all. This could force a restart of the targeted machine, leading to a temporary shutdown in services.

CVE-2019-11478, also known as SACK Slowness

The vulnerability affects all Linux versions. It can be triggered if an attacker sends a crafted sequence of SACKs that fragments the TCP retransmission queue. On Linux kernels prior to 4.15, the attacker may be able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection, the researchers explain.

CVE-2019-5599, also known as SACK Slowness

The vulnerability affects FreeBSD 12 using the RACK TCP Stack.

An attacker could send a crafted sequence of SACKs which will fragment the RACK send map. The attacker could further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection.


CVE-2019-11479, also known as Excess Resource Consumption Due to Low MSS Values

The vulnerability affects all Linux versions.

According to the vulnerability’s official description, an attacker can force the Linux kernel to segment its responses into multiple TCP segments, each of which contains only 8 bytes of data. This increases the bandwidth required to deliver the same amount of data.

Furthermore, additional resources (CPU and NIC processing power) are also consumed. It’s noteworthy that this particular attack requires continued effort from the attacker, with its impact ending shortly after the attacker stops sending traffic.

The good news is that patches and workarounds are available for each vulnerability.
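As an added example (not part of the original article or the researchers' advisory), the script below reports which workarounds are in effect on a Linux host by reading two kernel settings. The sysctl names `net.ipv4.tcp_sack` and `net.ipv4.tcp_min_snd_mss` are not named in the article, and the 536-byte policy threshold is an assumption to adjust for your own traffic.

```shell
#!/bin/sh
# Added example (not from the article): report which SACK/MSS workarounds
# are active on a Linux host, judged from two sysctl values.

# Assumption: site policy for the smallest acceptable send MSS. 536 is the
# classic IPv4 default MSS; pick a value that suits your own traffic.
MIN_MSS_POLICY=536

# Print the value of sysctl NAME, or "absent" if the kernel lacks it.
read_sysctl() {
    path="/proc/sys/$(printf '%s' "$1" | tr . /)"
    if [ -r "$path" ]; then cat "$path"; else echo absent; fi
}

# assess TCP_SACK TCP_MIN_SND_MSS -> prints "sack=<state> mss=<state>"
assess() {
    case "$1" in
        0) sack=disabled ;;   # SACK off: CVE-2019-11477/11478 path not reachable
        1) sack=enabled ;;    # safe only if the kernel carries the vendor fixes
        *) sack=unknown ;;
    esac
    case "$2" in
        absent) mss=no-sysctl ;;      # likely predates the CVE-2019-11479 fix
        ''|*[!0-9]*) mss=unknown ;;
        *) if [ "$2" -ge "$MIN_MSS_POLICY" ]; then mss=enforced
           else mss=permissive; fi ;; # sysctl exists but still allows tiny MSS
    esac
    echo "sack=$sack mss=$mss"
}

# Evaluate the live host (prints unknown/no-sysctl where /proc is unavailable).
assess "$(read_sysctl net.ipv4.tcp_sack)" "$(read_sysctl net.ipv4.tcp_min_snd_mss)"
```

A result of `sack=enabled` is not a finding by itself; it means protection against the SACK issues depends entirely on the kernel's patch level, which should be confirmed against the distribution's advisory.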


Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
