A number of Linux and FreeBSD servers and systems are vulnerable to a denial-of-service vulnerability dubbed SACK Panic, as well as other forms of attack.
Four security vulnerabilities affecting a range of Linux and FreeBSD servers were unearthed by a Netflix Information Security researcher, Jonathan Looney. One of the vulnerabilities, dubbed SACK Panic, is more dangerous than the others, as it could lead to a remotely-triggered kernel panic.
According to the official document, the vulnerabilities relate to the minimum segment size (MSS) and TCP Selective Acknowledgement (SACK) capabilities. The most serious one is called SACK Panic, and could allow a remotely-triggered kernel panic on recent Linux kernels.
Here is a list of the vulnerabilities:
CVE-2019-11477, also known as SACK Panic
The vulnerability affects Linux 2.6.29 and higher.
According to the official description, a sequence of SACKs may be crafted to trigger an integer overflow, leading to a kernel panic. A kernel panic vulnerability means that the operating system is incapable of recovering quickly or, in some cases, at all. This could force a restart of the targeted machine, leading to a temporary shutdown in services.
CVE-2019-11478, also known as SACK Slowness
The vulnerability affects all Linux versions. It can be triggered if an attacker sends a crafted sequence of SACKs which will fragment the TCP retransmission queue. On Linux kernels prior to 4.15, the attacker may be able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection, the researchers explain.
CVE-2019-5599, also known as SACK Slowness
The vulnerability affects FreeBSD 12 using the RACK TCP Stack.
An attacker could send a crafted sequence of SACKs which will fragment the RACK send map. The attacker could further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection.
CVE-2019-11479, also known as Excess Resource Consumption Due to Low MSS Values
The vulnerability affects all Linux versions.
According to the vulnerability’s official description, an attacker can force the Linux kernel to segment its responses into multiple TCP segments, each of which contains only 8 bytes of data. This increases the bandwidth required to deliver the same amount of data.
In addition, additional resources (CPU and NIC processing power) are also consumed. It’s noteworthy that this particular attack requires continued effort from the attacker, with its impact ending shortly after the attacker stops sending traffic.
The good news is that patches and workarounds are available for each vulnerability.
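For the low-MSS issue (CVE-2019-11479) described above, a defender can spot the precondition by reading the MSS option that a peer advertises in its SYN. The following is an added example, not code from the advisory or from the article; the alert threshold, the function names and the sample headers are assumptions constructed for illustration.

```python
import struct

# Assumption: the alert threshold is a local policy choice, not a value from the article.
LOW_MSS_THRESHOLD = 500

def parse_tcp_options(tcp_header: bytes) -> dict:
    """Extract the advertised MSS and the SACK-permitted flag from a raw TCP header."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    data_offset = (tcp_header[12] >> 4) * 4          # header length in bytes
    if data_offset < 20 or data_offset > len(tcp_header):
        raise ValueError("bad data offset")
    opts = tcp_header[20:data_offset]
    result = {"mss": None, "sack_permitted": False}
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                                # End of Option List
            break
        if kind == 1:                                # NOP padding, one byte, no length
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option missing length byte")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):     # would loop forever or overrun
            raise ValueError("malformed option length")
        if kind == 2 and length == 4:                # Maximum Segment Size
            result["mss"] = struct.unpack("!H", opts[i + 2:i + 4])[0]
        elif kind == 4 and length == 2:              # SACK Permitted
            result["sack_permitted"] = True
        i += length
    return result

def flag_low_mss(tcp_header: bytes, threshold: int = LOW_MSS_THRESHOLD) -> bool:
    """True when a SYN advertises an MSS below the threshold."""
    if len(tcp_header) < 20 or not tcp_header[13] & 0x02:   # MSS is only sent on SYN
        return False
    mss = parse_tcp_options(tcp_header)["mss"]
    return mss is not None and mss < threshold

def sample_syn(mss: int) -> bytes:
    """Constructed sample: SYN header with MSS, SACK-permitted and two NOP options."""
    opts = struct.pack("!BBH", 2, 4, mss) + bytes([4, 2, 1, 1])
    offset = (20 + len(opts)) // 4
    return struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, offset << 4, 0x02, 65535, 0, 0) + opts

if __name__ == "__main__":
    for mss in (48, 1460):
        print(mss, parse_tcp_options(sample_syn(mss)), flag_low_mss(sample_syn(mss)))
```

The same parser reports whether the peer negotiated SACK, which is the feature the other three vulnerabilities depend on.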