CYBER NEWS

CVE-2019-11477: Flaw Linux Descoberto por Netflix Pesquisador

Um número de servidores e sistemas Linux e FreeBSD são vulneráveis ​​a uma negação de serviço vulnerabilidade apelidado Panic SACO, bem como outras formas de ataques.

Four security vulnerabilities affecting a range of Linux and FreeBSD servers were unearthed by a Netflix Information Security researcher, Jonathan Looney. One of the vulnerabilities, dubbed SACK Panic is more dangerous than the others, as it could lead to remotely-triggered kernel panic.




According to the official document, the vulnerabilities relate to the minimum segment size (MSS) and TCP Selective Acknowledgement (SACK) capacidades. The most serious one is called SACK Panic, and could allow a remotely-triggered kernel panic on recent Linux kernels.

Aqui está uma lista das vulnerabilidades:

CVE-2019-11477, also known as SACK Panic

The vulnerability affects Linux 2.6.29 e mais alto.

De acordo com a descrição oficial, a sequence of SACKs may be crafted to trigger an integer overflow, leading to a kernel panic. A kernel panic vulnerability means that the operating system is incapable of recovering quickly or, em alguns casos, at all. This could force a restart of the targeted machine, leading to a temporary shutdown in services.

CVE-2019-11478, also known as SACK Slowness

The vulnerability affects all Linux versions. It can be triggered if an attacker sends a crafted sequence of SACKs which will fragment the TCP retransmission queue. On Linux kernels prior to 4.15, the attacker could be able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection, os pesquisadores explicam.

CVE-2019-5599, also known as SACK Slowness

The vulnerability affects FreeBSD 12 using the RACK TCP Stack.

An attacker could send a crafted sequence of SACKs which will fragment the RACK send map. The attacker could further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection.

relacionado: CVE-2019-5021: Bug em Docker oficiais imagens com base em Alpine Linux

CVE-2019-11479, also known as Excess Resource Consumption Due to Low MSS Values

The vulnerability affects all Linux versions.

According to the vulnerability’s official description, an attacker can force the Linux kernel to segment its responses into multiple TCP segments, each of which contains only 8 bytes of data. This leads to the increase of the bandwidth required to deliver the same amount of data.

além disso, additional resources (CPU and NIC processing power) are also consumed. It’s noteworthy that this particular attack requires continued effort from the attacker, with its impact ending shortly after the attacker stops sending traffic.

The good news is that patches and workarounds are available for each vulnerability.

Milena Dimitrova

Milena Dimitrova

Um escritor inspirado e gerenciador de conteúdo que foi com SensorsTechForum desde o início. Focada na privacidade do usuário e desenvolvimento de malware, ela acredita fortemente em um mundo onde a segurança cibernética desempenha um papel central. Se o senso comum não faz sentido, ela vai estar lá para tomar notas. Essas notas podem mais tarde se transformar em artigos! Siga Milena @Milenyim

mais Posts

Me siga:
Twitter

Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

limite de tempo está esgotado. Recarregue CAPTCHA.

Compartilhar no Facebook Compartilhar
Carregando...
Compartilhar no Twitter chilrear
Carregando...
Compartilhar no Google Plus Compartilhar
Carregando...
Partilhar no Linkedin Compartilhar
Carregando...
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Carregando...
Partilhar no StumbleUpon Compartilhar
Carregando...