SUSE addresses the “SACK Panic” TCP remote denial of service attacks
Security researchers from Netflix have identified three new remote denial-of-service attacks against the Linux TCP stack.
All three can be exploited remotely against any system that exposes a TCP port to the public, with default kernel settings; the attacker only needs to be able to complete a TCP connection.
There are three distinct issues:
- CVE-2019-11477: Also known as “SACK Panic”. An integer overflow in SACK processing (the 16-bit segment counter tcp_gso_segs of a socket buffer wraps when a peer advertising a very small MSS gets the kernel to coalesce many tiny TCP segments into one buffer) can be used by remote attackers to crash the kernel.
- CVE-2019-11478: By sending SACK segments in a crafted order, remote attackers can fragment the TCP retransmission queue; processing further SACKs on the fragmented queue increases memory use, potentially running the system out of memory, and raises CPU load.
- CVE-2019-11479: A remote attacker can force the kernel to send its TCP data in very small segments by advertising a low MSS, which consumes more bandwidth and raises CPU load on the attacked system.
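As an added illustration of the counter overflow behind CVE-2019-11477, not code from SUSE or from the kernel: a small C model of the 16-bit tcp_gso_segs counter, with the unchecked pre-fix merge beside a merge that applies the bounds the upstream fix introduced in tcp_skb_shift(). The struct model_skb and the function names are simplified stand-ins; the constants TCP_MIN_SND_MSS, MAX_TCP_OPTION_SPACE and TCP_MIN_GSO_SIZE carry the kernel's values. The scenario of 17 chunks of 32 KiB is an assumed upper bound for the payload one socket buffer can hold.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Values from the kernel fix (this file is a model, not kernel code).
 * An MSS of 48 bytes leaves 8 bytes of TCP payload per segment. */
#define TCP_MIN_SND_MSS      48
#define MAX_TCP_OPTION_SPACE 40
#define TCP_MIN_GSO_SIZE     (TCP_MIN_SND_MSS - MAX_TCP_OPTION_SPACE)   /* 8 bytes */

/* Hypothetical stand-in for the parts of sk_buff / TCP_SKB_CB that matter here. */
struct model_skb {
    uint32_t len;           /* bytes of TCP payload held by the buffer */
    uint16_t tcp_gso_segs;  /* segment count; 16 bits wide, as in the real control block */
};

/* Pre-fix merge: coalesce `from` into `to` with no bounds check.
 * The u16 counter silently wraps modulo 65536. */
static void shift_unchecked(struct model_skb *to, const struct model_skb *from)
{
    to->len += from->len;
    to->tcp_gso_segs = (uint16_t)(to->tcp_gso_segs + from->tcp_gso_segs);
}

/* Post-fix merge, modelled on the limits the fix added to tcp_skb_shift():
 * one buffer may never exceed 65535 segments nor 65535 * 8 bytes of payload. */
static bool shift_checked(struct model_skb *to, const struct model_skb *from)
{
    if ((uint64_t)to->len + from->len >= 65535ULL * TCP_MIN_GSO_SIZE)
        return false;
    if ((uint32_t)to->tcp_gso_segs + from->tcp_gso_segs > 65535u)
        return false;
    to->len += from->len;
    to->tcp_gso_segs = (uint16_t)(to->tcp_gso_segs + from->tcp_gso_segs);
    return true;
}

/* A peer with MSS 48 gets nchunks SACKed chunks of chunk_bytes each coalesced
 * into one buffer. Returns the stored (possibly wrapped) counter. */
static uint16_t coalesce_unchecked(unsigned nchunks, uint32_t chunk_bytes)
{
    struct model_skb to = { 0, 0 };
    for (unsigned i = 0; i < nchunks; i++) {
        struct model_skb from = { chunk_bytes, (uint16_t)(chunk_bytes / TCP_MIN_GSO_SIZE) };
        shift_unchecked(&to, &from);
    }
    return to.tcp_gso_segs;
}

/* Same scenario with the check in place. Returns how many chunks were merged
 * before the limit refused the next one; *segs receives the final counter. */
static unsigned coalesce_checked(unsigned nchunks, uint32_t chunk_bytes, uint16_t *segs)
{
    struct model_skb to = { 0, 0 };
    unsigned accepted = 0;
    for (unsigned i = 0; i < nchunks; i++) {
        struct model_skb from = { chunk_bytes, (uint16_t)(chunk_bytes / TCP_MIN_GSO_SIZE) };
        if (!shift_checked(&to, &from))
            break;
        accepted++;
    }
    *segs = to.tcp_gso_segs;
    return accepted;
}

/* The real segment count for the same data, without 16-bit truncation. */
static uint32_t true_segments(unsigned nchunks, uint32_t chunk_bytes)
{
    return nchunks * (chunk_bytes / TCP_MIN_GSO_SIZE);
}

int main(void)
{
    /* Assumed upper bound for one socket buffer: 17 fragments of 32 KiB. */
    unsigned chunks = 17;
    uint32_t bytes = 32768;
    uint16_t segs = 0;

    printf("true segments: %u\n", true_segments(chunks, bytes));
    printf("unchecked counter after merge: %u\n", coalesce_unchecked(chunks, bytes));
    unsigned ok = coalesce_checked(chunks, bytes, &segs);
    printf("checked: %u of %u chunks merged, counter %u\n", ok, chunks, segs);
    return 0;
}
```

With 17 chunks of 32 KiB at 8 bytes of payload per segment the buffer really holds 69632 segments, but the unchecked counter stores 4096; kernel code that later trusts that counter (a BUG_ON on a mismatch) is what turns the wrap into a panic. The checked variant merges 15 chunks and refuses the sixteenth because it would push the buffer past 65535 * 8 bytes, so the counter stays accurate at 61440.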
TID Link: TID 7023928