-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT Security Bulletin ASB-2019.0178.3
   Updates for Linux kernel TCP Sad SACK vulnerability (CVE-2019-11477,
                CVE-2019-11478, CVE-2019-11479) (SB10287)
                            17 February 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Multiple McAfee products
Operating System:  Linux variants
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Mitigation
CVE Names:         CVE-2019-11479 CVE-2019-11478 CVE-2019-11477
Reference:         ASB-2019.0174 ASB-2019.0172 ESB-2019.2433 ESB-2019.2378

Revision History:  February 17 2020: Vendor updated advisory
                   September 9 2019: Additional updates provided
                   July 5 2019: Initial Release

OVERVIEW

        Multiple McAfee products are affected by the Linux kernel TCP Sad
        SACK vulnerability (CVE-2019-11477, CVE-2019-11478,
        CVE-2019-11479) [1]

IMPACT

        McAfee has provided the following information regarding the
        vulnerability and impact:

        "CVE-2019-11477
        Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs
        value was subject to an integer overflow in the Linux kernel when
        handling TCP Selective Acknowledgments (SACKs). A remote attacker
        could use this to cause a denial of service. This has been fixed in
        stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11.
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477
        https://access.redhat.com/security/cve/cve-2019-11477

        CVE-2019-11478
        Jonathan Looney discovered that the TCP retransmission queue
        implementation in tcp_fragment in the Linux kernel could be
        fragmented when handling certain TCP Selective Acknowledgment
        (SACK) sequences. A remote attacker could use this to cause a
        denial of service. This has been fixed in stable kernel releases
        4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11.
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11478
        https://access.redhat.com/security/cve/cve-2019-11478

        CVE-2019-11479
        Jonathan Looney discovered that the Linux kernel default MSS is
        hard-coded to 48 bytes. This allows a remote peer to fragment TCP
        resend queues significantly more than if a larger MSS were
        enforced. A remote attacker could use this to cause a denial of
        service. This has been fixed in stable kernel releases 4.4.182,
        4.9.182, 4.14.127, 4.19.52, 5.1.11.
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11479
        https://access.redhat.com/security/cve/cve-2019-11479

        McAfee Product Vulnerability Status
        The table below shows the status of all currently supported
        products where McAfee provides the operating system. The table is
        populated with versions and dates released as they are made
        available." [1]

MITIGATION

        McAfee recommends the following actions:

        "Apply workarounds where required and deploy the updates as they
        are made available." [1]

        Further details of vulnerable and fixed software versions and
        workarounds are provided in the referenced article. [1]

REFERENCES

        [1] McAfee Security Bulletin - Updates for Linux kernel TCP Sad SACK
            vulnerability (CVE-2019-11477, CVE-2019-11478, CVE-2019-11479)
            https://kc.mcafee.com/corporate/index?page=content&id=SB10287

AusCERT has made every effort to ensure that the information contained in
this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision
to follow or act on information or advice contained in this security
bulletin is the responsibility of each user or organisation, and should be
considered in accordance with your organisation's site policies and
procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.
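The MITIGATION section above says to apply workarounds and deploy updates but gives no way to tell where a given host stands. The script below is an added example, written for this bulletin and not taken from AusCERT, McAfee or the kernel project. It compares a kernel version string with the fixed stable releases the bulletin lists (4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, with 5.2 and later treated as fixed) and reports whether SACK processing is enabled on the host. Two assumptions: the version is an upstream stable kernel in `uname -r` form, and the SACK check refers to the upstream workaround of setting `net.ipv4.tcp_sack=0`, which is not a step printed on this page. Distribution and appliance kernels backport the fix under their own version strings, so for those the vendor advisory referenced above is authoritative and this check reports only what the version string says.

```shell
#!/bin/sh
# Added example, not part of the AusCERT/McAfee bulletin. Compares a kernel
# version string with the fixed stable releases the bulletin lists for
# CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479, and reports whether
# SACK processing is currently enabled on this host.
#
# Assumptions: the version is an upstream stable kernel in uname -r form,
# e.g. "4.19.52" or "5.1.11-1-amd64". Distribution kernels (RHEL, Ubuntu,
# SLES) and vendor appliance builds backport the fix under their own
# version strings; for those the vendor advisory is authoritative.

# split_version "4.19.52-generic" -> "4 19 52" (missing patch level becomes 0)
split_version() {
    v=${1%%-*}                              # drop "-generic", "-1-amd64", ...
    case $v in *.*) ;; *) v="$v.0" ;; esac  # "5" -> "5.0"
    maj=${v%%.*}
    rest=${v#*.}
    min=${rest%%.*}
    rest=${rest#"$min"}
    rest=${rest#.}
    pat=${rest%%.*}
    [ -n "$pat" ] || pat=0
    echo "$maj $min $pat"
}

# kernel_status VERSION -> fixed | vulnerable | unlisted-branch | unparseable
kernel_status() {
    set -- $(split_version "$1")
    maj=$1; min=$2; pat=$3
    case "$maj$min$pat" in *[!0-9]*) echo unparseable; return 0 ;; esac

    # 5.2 and every later mainline release were cut after the fix landed.
    if [ "$maj" -gt 5 ] || { [ "$maj" -eq 5 ] && [ "$min" -ge 2 ]; }; then
        echo fixed; return 0
    fi

    # Fixed releases named in the bulletin, one per stable branch.
    for entry in 4.4:182 4.9:182 4.14:127 4.19:52 5.1:11; do
        branch=${entry%%:*}; fixpat=${entry#*:}
        if [ "$branch" = "$maj.$min" ]; then
            if [ "$pat" -ge "$fixpat" ]; then echo fixed; else echo vulnerable; fi
            return 0
        fi
    done

    # A branch the bulletin does not list (4.15, 5.0, anything before 4.4):
    # there is no upstream fixed version to compare against.
    echo unlisted-branch
}

# sack_status -> disabled | enabled | unreadable
# net.ipv4.tcp_sack=0 (disable SACK processing) is the upstream workaround
# this reports on; it is an assumption of this example, not a step the
# bulletin prints, and it costs TCP throughput on lossy paths.
sack_status() {
    f=/proc/sys/net/ipv4/tcp_sack
    [ -r "$f" ] || { echo unreadable; return 0; }
    if [ "$(cat "$f")" = "0" ]; then echo disabled; else echo enabled; fi
}

running=$(uname -r 2>/dev/null || echo unknown)
echo "kernel $running: $(kernel_status "$running")"
echo "SACK processing: $(sack_status)"
```

A result of `unlisted-branch` is not a clean bill of health: it means the running branch received no upstream stable release in the bulletin's list, so the host is either on a distribution backport (check the vendor's package changelog) or on an end-of-life kernel that never got the fix. Likewise `fixed` only covers the kernel itself; McAfee appliances ship their own builds, and the referenced SB10287 article is where their fixed versions are tracked.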
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXkoGImaOgq3Tt24GAQi5SQ/9EWwNkVi5dU3XM1gITVc+tvlbubZZu1lo
ZunEnazNWGyZS1zZsbR2P4XQnb4C2p8dr+C50+JPUOgcJ/mpd/yDOUrRjRvHtFUK
tL5wzKnBK+cRYoFm4Tel+HKlzKxdY3rn/1D9IwpjHqGsDug89Vg96wcbalfsnGPs
HBhJMOQNPE77Zft0VKFd9Ws1y9aOMiEqzaI93sgZaPMbqp2qYUh1nDZWgCzWEuiF
wDdXLF8ZtINF+Zs/+atAgOBEXkoi62nMZhoEuiX9p+EqDhQPOCylRu1b+xU2P36A
XudpyyRF+gMevIdQmXucfW1Q2OLGfbHtD/MFTOquKVzN0NiRfxa41VuNG0xPA804
eJXk4OSUJlqHrXtt0OwMSOwVlljHCQLjeqGVC/s8snN3bL1ol2acDJEqyuaQxyN/
CMqYzzAjAUb9Gxg93kq/YwKXXVhXgLe8WCcJp3oYLazrEtLqkMlsms4yb2yFONBR
fMr8xv8I7pQDC30FyVdWZYGZ8MfBay3wQJijgUgKhFyvOTx5ENKwOBHnKJm88okm
HkPbZeIdrN2V9d8WdAXdzOH0+LnWKmtplZlrHy14iisV4gTawuCDAyHVURUMhD/U
7X8KmrON8uFkopl6tP81dVwKiAh8qjVN7iu9ZoTB/xTS5cIugUxxK46Qtnjw2Gv2
twM3z94oxTk=
=9NxV
-----END PGP SIGNATURE-----