Share with friends and colleagues on social media

Security researchers from Netflix have identified three new remote denial of service attacks against the Linux TCP stack.
These can be all exploited remotely as soon as a TCP port is open to the public in default settings.

There are three distinct issues:

  • CVE-2019-11477: Also known as “SACK Panic”. A integer overflow when SACK processing of small TCP fragments can be used by remote attackers to crash the kernel.
  • CVE-2019-11478: By sending SACK segments in crafted order remote attackers could fragment the SACK queue and cause increased use of memory, potentially running the system out of memory, and higher CPU load.
  • CVE-2019-11479: A remote attacker could force heavy fragmentation of TCP segments, which could cause a higher amount of bandwith being used and also higher CPU load on the attacked system.

All SUSE Linux versions are affected by these problems.

SUSE has released security updates for all maintained distributions.

If you cannot install these updates right away, there are workarounds for the system or via firewalls, these are documented on our TID.

TID Link: TID 7023928

CVE links:

Share with friends and colleagues on social media

Category: Enterprise Linux, Server, SUSE Linux Enterprise, SUSE Linux Enterprise Server
This entry was posted Monday, 17 June, 2019 at 12:40 pm
You can follow any responses to this entry via RSS.

Comments

  • Guy Chapman says:

    When are we expecting kernel patches to be released?

  • Guy Chapman says:

    Hi – the text in this article says “SUSE has released security updates for all maintained distributions.” – However on clicking through to the TID, it just gives workarounds….. Have kernel pacthes been released?

    • Marcus Meissner says:

      Kernel updates have been released for all distributions, click on the CVE links to get the versions and releases.

  • Leave a Reply

    Your email address will not be published. Required fields are marked *