SACK PANIC vulnerability - CVE-2019-11477, CVE-2019-11478 (4285075)

Chatee ahora con Soporte

Regresar

Comentarios enviados

¿Este artículo solucionó su problema?

Seleccionar calificación

Título

SACK PANIC vulnerability - CVE-2019-11477, CVE-2019-11478
Descripción

This knowledge article contains a resolution for the following vulnerabilities CVE-2019-11477 and CVE-2019-11478.
Causa

CVE-2019-11477, known as “SACK Panic,” is an integer overflow vulnerability that can be triggered by a remote attacker sending a sequence of TCP Selective ACKnowledgements (SACKs) to a vulnerable system, which could result in a system crash (kernel panic).
CVE-2019-11478 is an excess resource consumption vulnerability that can be triggered by a remote attacker sending a sequence of SACKs to a vulnerable system, resulting in the fragmentation of the TCP retransmission queue.
Resolución
Warning
- These actions will taint the firmware, which will prevent the upgrade of the appliance.
  Remove the tainted files before the next upgrade.
- This patch might be needed to re-apply on certain version after upgrades, if not included in the new version.
Resolution
- Login to boot shell, and use the following command to set kernel parameters:
sysctl -w net.ipv4.tcp_sack=0
- To make it permanent, make sure that /etc/sysctl.conf has the following entry:
net.ipv4.tcp_sack = 0

Comentarios enviados

¿Este artículo solucionó su problema?

Seleccionar calificación

Contenido recomendado

Producto(s):: One Identity Safeguard for Privileged Sessions
6.0.x LTS, 5.11.0, 5.10.0, 5.9.0, 5.8.0, 5.7.0, 5, 4, 3, 5.6.0c; syslog-ng Store Box
6.10.0, 6.9.0, 6.8.0, 6.7.0, 6.6.0, 6.5.0, 6.4.0, 6.3.0, 6.2.0, 6.1.0, 6.0.2, 6.0.1, 6.0, 5.3.0, 5.2.0, 5.1.0, 5.0.4, 5.0.3, 5.0.2, 5.0.1, 4.0.7, 4.9.1

Historial del artículo:: Creado el: 6/21/2019
Última actualización: 5/7/2023

Título