ID: CENTOS_RHSA-2019-1481.NASL
Type: nessus
Reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified: 2021-03-02T00:00:00
Description

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* An integer overflow flaw was found in the way the Linux kernel's
networking subsystem processed TCP Selective Acknowledgment (SACK)
segments. While processing SACK segments, the Linux kernel's socket
buffer (SKB) data structure becomes fragmented. Each fragment is about
TCP maximum segment size (MSS) bytes. To efficiently process SACK
blocks, the Linux kernel merges multiple fragmented SKBs into one,
potentially overflowing the variable holding the number of segments. A
remote attacker could use this flaw to crash the Linux kernel by
sending a crafted sequence of SACK segments on a TCP connection with
small value of TCP MSS, resulting in a denial of service (DoS).
(CVE-2019-11477)

* Kernel: tcp: excessive resource consumption while processing SACK
blocks allows remote denial of service (CVE-2019-11478)

* Kernel: tcp: excessive resource consumption for TCP connections with
low MSS allows remote denial of service (CVE-2019-11479)

For more details about the security issue(s), including the impact, a
CVSS score, acknowledgments, and other related information, refer to
the CVE page(s) listed in the References section.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2019:1481 and
# CentOS Errata and Security Advisory 2019:1481 respectively.
#

include("compat.inc");

if (description)
{
  script_id(126006);
  script_version("1.6");
  script_cvs_date("Date: 2020/01/10");

  script_cve_id("CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479");
  script_xref(name:"RHSA", value:"2019:1481");

  script_name(english:"CentOS 7 : kernel (CESA-2019:1481) (SACK Panic) (SACK Slowness)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An update for kernel is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es) :
* An integer overflow flaw was found in the way the Linux kernel's
networking subsystem processed TCP Selective Acknowledgment (SACK)
segments. While processing SACK segments, the Linux kernel's socket
buffer (SKB) data structure becomes fragmented. Each fragment is about
TCP maximum segment size (MSS) bytes. To efficiently process SACK
blocks, the Linux kernel merges multiple fragmented SKBs into one,
potentially overflowing the variable holding the number of segments. A
remote attacker could use this flaw to crash the Linux kernel by
sending a crafted sequence of SACK segments on a TCP connection with
small value of TCP MSS, resulting in a denial of service (DoS).
(CVE-2019-11477)
* Kernel: tcp: excessive resource consumption while processing SACK
blocks allows remote denial of service (CVE-2019-11478)
* Kernel: tcp: excessive resource consumption for TCP connections with
low MSS allows remote denial of service (CVE-2019-11479)
For more details about the security issue(s), including the impact, a
CVSS score, acknowledgments, and other related information, refer to
the CVE page(s) listed in the References section."
  );
  # https://lists.centos.org/pipermail/centos-announce/2019-June/023333.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?913cb631"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected kernel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11477");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bpftool");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-abi-whitelists");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools-libs-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/06/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/19");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Local checks must be enabled and the target must report itself as CentOS 7.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);

# The installed package list (collected by ssh_get_info.nasl) is required.
if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86_64 and i386-i686 hosts are handled by this check.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

# Compare each installed package against the fixed build 3.10.0-957.21.3.el7;
# flag counts the packages that are still below it.
flag = 0;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"bpftool-3.10.0-957.21.3.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-3.10.0-957.21.3.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-abi-whitelists-3.10.0-957.21.3.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-debug-3.10.0-957.21.3.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-957.21.3.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-devel-3.10.0-957.21.3.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-doc-3.10.0-957.21.3.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-headers-3.10.0-957.21.3.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-tools-3.10.0-957.21.3.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-957.21.3.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-957.21.3.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"perf-3.10.0-957.21.3.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-perf-3.10.0-957.21.3.el7")) flag++;

# Report the outdated packages, or record why the host is not affected.
if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc");
}
{"vmware": [{"lastseen": "2020-02-26T08:34:15", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11478", "CVE-2019-11477"], "description": "##### **1\\. Impacted Products**\n\n * AppDefense\n * Container Service Extension\n * Enterprise PKS\n * Horizon DaaS\n * Hybrid Cloud Extension\n * Identity Manager\n * Integrated OpenStack\n * NSX for vSphere\n * NSX-T Data Center\n * Pulse Console\n * SD-WAN Edge by VeloCloud\n * SD-WAN Gateway by VeloCloud\n * SD-WAN Orchestrator by VeloCloud\n * Skyline Collector\n * Unified Access Gateway\n * vCenter Server Appliance\n * vCloud Availability Appliance\n * vCloud Director For Service Providers\n * vCloud Usage Meter\n * vRealize Automation\n * vRealize Business for Cloud\n * vRealize Code Stream\n * vRealize Log Insight\n * vRealize Network Insight\n * vRealize Operations Manager\n * vRealize Orchestrator Appliance\n * vRealize Suite Lifecycle Manager\n * vSphere Data Protection\n * vSphere Integrated Containers\n * vSphere Replication \n\n\n##### **2\\. Introduction**\n\n###### Several vulnerabilities in the Linux kernel implementation of TCP Selective Acknowledgement (SACK) have been disclosed. These issues may allow a malicious entity to execute a Denial of Service attack against affected products.\n\n##### **3\\. Linux kernel vulnerabilities in TCP Selective Acknowledgement (SACK) CVE-2019-11477, CVE-2019-11478** \n\n\n**Description: \n** \nThere are two uniquely identifiable vulnerabilities associated with the Linux kernel implementation of SACK:\n\n * [CVE-2019-11477](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477>) \\- SACK Panic - A sequence of SACKs may be crafted such that one can trigger an integer overflow, leading to a kernel panic. 
VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of [7.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>).\n * [CVE-2019-11478](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11478>) \\- SACK Excess Resource Usage - a crafted sequence of SACKs will fragment the TCP retransmission queue, causing resource exhaustion. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of [5.3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L>).\n\n**Known Attack Vectors: \n** \nA malicious actor must have network access to an affected system including the ability to send traffic with low MSS values to the target. Successful exploitation of these issues may cause the target system to crash or significantly degrade performance. \n** \nResolution: \n** \nTo remediate [CVE-2019-11477](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477>) and [CVE-2019-11478](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11478>) update/upgrade to the versions listed in the 'Fixed Version' column of the 'Resolution Matrix' found below. \n** \nWorkarounds: \n** \nSome VMware Virtual Appliances can workaround [CVE-2019-11477](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477>) and [CVE-2019-11478](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11478>) by either disabling SACK or by modifying the built in firewall (if available) in the base OS of the product to drop incoming connections with a low MSS value. In-product workarounds (if available) have been enumerated in the 'Workarounds' column of the 'Resolution Matrix' found below. \n** \nAdditional Documentations: \n** \nNone. \n** \nAcknowledgements: \n** \nNone. 
\n** \nResponse Matrix:**\n", "edition": 6, "modified": "2020-02-25T00:00:00", "published": "2019-07-02T00:00:00", "id": "VMSA-2019-0010", "href": "https://www.vmware.com/security/advisories/VMSA-2019-0010.html", "title": "VMware product updates address Linux kernel vulnerabilities in TCP Selective Acknowledgement (SACK) (CVE-2019-11477, CVE-2019-11478)", "type": "vmware", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "f5": [{"lastseen": "2020-04-06T22:40:14", "bulletinFamily": "software", "cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-5599", "CVE-2019-11479"], "description": "\nF5 Product Development has assigned ID 795197 (BIG-IP, BIG-IQ, Enterprise Manager, and F5 iWorkflow) and CPF-25102 (Traffix SDC) to this vulnerability. Additionally, [F5 iHealth](<https://www.f5.com/services/support/support-offerings/big-ip-ihealth-diagnostic-tool>) may list Heuristic H26618426 on the **Diagnostics** > **Identified** > **High** page.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. 
For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | 15.0.0 - 15.0.1 | 15.1.0 \n15.0.1.1 | Medium | [5.3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L>) | Self IP addresses \nControl plane (management interface) \n \nBackend systems accessed via a FastL4 virtual server \n14.x | 14.0.0 - 14.1.2 | 14.1.2.1 \n14.0.1.1 \n13.x | 13.1.0 - 13.1.3 | 13.1.3.2 \n12.x | 12.1.0 - 12.1.5 | 12.1.5.1 \n11.x | 11.5.2 - 11.6.5 | 11.6.5.1 \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [5.3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L>) | Self IP addresses \nControl plane (management interface) \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.1.0 | None | Medium | [5.3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L>) | Self IP addresses \nControl plane (management interface) \n5.x | 5.1.0 - 5.4.0 | None \nF5 iWorkflow | 2.x | 2.3.0 | None | Medium | [5.3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L>) | Linux kernel \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [5.3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L>) | Linux kernel \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** 
column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nBIG-IP, BIG-IQ, and Enterprise Manager\n\n * **Self IP addresses**\n\nTo mitigate risk to this vulnerability for self IP addresses, configure the **Port Lockdown** setting to **Allow None**. For information about configuring the **Port Lockdown **setting, refer to [K17333: Overview of port lockdown behavior (12.x - 14.x)](<https://support.f5.com/csp/article/K17333>) or [K39403510: Managing the port lockdown configuration on the BIG-IQ system](<https://support.f5.com/csp/article/K39403510>).\n\nAlternatively, if configuring the **Port Lockdown** setting to **Allow None** is not an option for your specific environment, you can mitigate this vulnerability by disabling TCP Selective Acknowledgements. To do so perform the following procedure: \n\n**Impact of procedure**: The impact of the mitigation depends on the specific environment. When you disable TCP SACK, performance may be degraded. F5 recommends testing any such changes during a maintenance window with consideration to the possible impact on your specific environment.\n\n**Important**: The following procedure requires you to modify a system **sysctl** variable. When modifying system **sysctl** variables, be aware of the following considerations:\n\n * The modified **sysctl **variable will not survive a system restart. You must re-perform the following procedure after a reboot.\n * For a multi-blade chassis system, you must modify the **sysctl **variable on each blade. You must perform the procedure on all blades in a multi-blade chassis system.\n * For a Virtual Clustered Multiprocessing (vCMP) system, you must modify the **sysctl **variable on the host/hypervisor and on each (all) of the vCMP guests. You must perform the procedure on the host and each guest.\n 1. Log in to the BIG-IP command line.\n 2. 
Disable TCP SACK by typing the following command: \n\nsysctl -w net.ipv4.tcp_sack=0\n\n * **Control plane (management interface)**\n\nTo mitigate risk to this vulnerability for the control plane (management interface), you should permit management access to F5 products only over a secure network and restrict command line access for affected systems to trusted users. For more information, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x - 14.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\nAlternatively, you can also mitigate this vulnerability on the control plane (management interface) by disabling TCP Selective Acknowledgements. To do so perform the procedure for disabling TCP SACK listed in the previous **Self IP addresses** mitigation.\n\n**Note**: If you disabled TCP SACK for self IP addresses, you don't need to repeat the procedure for the control plane (management interface). \n\n * **Protecting backend systems accessed via a FastL4 virtual server (BIG-IP)**\n\nTo mitigate this vulnerability and protect backend systems accessed via a FastL4 virtual server, you can configure the FastL4 profile to strip the Selective Acknowledgement. To do so, perform the following procedure:\n\n**Impact of procedure**: The impact of the mitigation depends on the specific environment. F5 recommends testing any such changes during a maintenance window with consideration to the possible impact on your specific environment.\n\n 1. Log in to the Configuration utility.\n 2. Navigate to **Local Traffic** > **Profiles** > **Protocol** > **Fast L4**.\n 3. Select the affected FastL4 profile. \n\n**Note**: If the affected profile is the default FastL4 profile, you should create a new custom FastL4 profile instead of modifying the default profile. Create a custom profile using the default profile as the parent profile. 
You can then modify some or all of the values defined in the custom profile, while leaving the parent profile settings at their default values. For information, refer to [K14488: Working with profiles](<https://support.f5.com/csp/article/K14488>).\n\n 4. Select the **Strip Sack OK** check box.\n 5. Click **Update**.\n\n * [K35421172: Excess resource consumption due to low MSS values vulnerability CVE-2019-11479](<https://support.f5.com/csp/article/K35421172>)\n * [K78234183: Linux SACK Panic vulnerability CVE-2019-11477](<https://support.f5.com/csp/article/K78234183>)\n * [K75521003: FreeBSD SACK Slowness vulnerability CVE-2019-5599](<https://support.f5.com/csp/article/K75521003>)\n * [K11948: Configuring the BIG-IP system to run commands or scripts upon system startup](<https://support.f5.com/csp/article/K11948>)\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2020-02-10T16:59:00", "published": "2019-06-19T08:03:00", "id": "F5:K26618426", "href": "https://support.f5.com/csp/article/K26618426", "title": "Linux SACK Slowness vulnerability CVE-2019-11478", "type": "f5", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-04-06T22:39:21", "bulletinFamily": "software", "cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-5599", "CVE-2019-11479"], "description": "\nF5 Product Development has 
assigned ID 795197 (BIG-IP, BIG-IQ, Enterprise Manager, and F5 iWorkflow) and CPF-25102 (Traffix SDC) to this vulnerability. Additionally, [F5 iHealth](<https://www.f5.com/services/support/support-offerings/big-ip-ihealth-diagnostic-tool>) may list Heuristic H78234183 on the **Diagnostics** > **Identified** > **High** page.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | 15.0.0 - 15.0.1 | 15.1.0 \n15.0.1.1 | High | [7.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>) | Self IP addresses \nControl plane (management interface) \n \nBackend systems accessed via a FastL4 virtual server \n14.x | 14.0.0 - 14.1.2 | 14.1.2.1 \n14.0.1.1 \n13.x | 13.1.0 - 13.1.3 | 13.1.3.2 \n12.x | 12.1.0 - 12.1.5 | 12.1.5.1 \n11.x | 11.5.2 - 11.6.5 | 11.6.5.1 \nEnterprise Manager | 3.x | 3.1.1 | None | High | [7.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>) | Self IP addresses \nControl plane (management interface) \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.1.0 | None | High | [7.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>) | Self IP addresses \nControl plane (management interface) 
\n5.x | 5.1.0 - 5.4.0 | None \nF5 iWorkflow | 2.x | 2.3.0 | None | High | [7.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>) | Linux kernel \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | High | [7.5](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>) | Linux kernel \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nBIG-IP, BIG-IQ, and Enterprise Manager\n\n * **Self IP addresses**\n\nTo mitigate risk to this vulnerability for self IP addresses, configure the **Port Lockdown** setting to **Allow None**. For information about configuring the **Port Lockdown **setting, refer to [K17333: Overview of port lockdown behavior (12.x - 14.x)](<https://support.f5.com/csp/article/K17333>) or [K39403510: Managing the port lockdown configuration on the BIG-IQ system](<https://support.f5.com/csp/article/K39403510>).\n\nAlternatively, if configuring the **Port Lockdown** setting to **Allow None** is not an option for your specific environment, you can mitigate this vulnerability by disabling TCP Selective Acknowledgements. To do so perform the following procedure: \n\n**Impact of procedure**: The impact of the mitigation depends on the specific environment. When you disable TCP SACK, performance may be degraded. 
F5 recommends testing any such changes during a maintenance window with consideration to the possible impact on your specific environment.\n\n**Important**: The following procedure requires you to modify a system **sysctl** variable. When modifying system **sysctl** variables, be aware of the following considerations:\n\n * The modified **sysctl **variable will not survive a system restart. You must re-perform the following procedure after a reboot.\n * For a multi-blade chassis system, you must modify the **sysctl **variable on each blade. You must perform the procedure on all blades in a multi-blade chassis system.\n * For a Virtual Clustered Multiprocessing (vCMP) system, you must modify the **sysctl **variable on the host/hypervisor and on each (all) of the vCMP guests. You must perform the procedure on the host and each guest.\n 1. Log in to the BIG-IP command line.\n 2. Disable TCP SACK by typing the following command: \n\nsysctl -w net.ipv4.tcp_sack=0\n\n * **Control plane (management interface)**\n\nTo mitigate risk to this vulnerability for the control plane (management interface), you should permit management access to F5 products only over a secure network and restrict command line access for affected systems to trusted users. For more information, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x - 14.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\nAlternatively, you can also mitigate this vulnerability on the control plane (management interface) by disabling TCP Selective Acknowledgements. To do so perform the procedure for disabling TCP SACK listed in the previous **Self IP addresses **mitigation.\n\n**Note**: If you disabled TCP SACK for self IP addresses, you don't need to repeat the procedure for the control plane (management interface). 
\n\n * **Protecting backend systems accessed via a FastL4 virtual server (BIG-IP)**\n\nTo mitigate this vulnerability and protect backend systems accessed via a FastL4 virtual server, you can configure the FastL4 profile to strip the Selective Acknowledgement. To do so, perform the following procedure:\n\n**Impact of procedure**: The impact of the mitigation depends on the specific environment. F5 recommends testing any such changes during a maintenance window with consideration to the possible impact on your specific environment.\n\n 1. Log in to the Configuration utility.\n 2. Navigate to **Local Traffic** > **Profiles** > **Protocol** > **Fast L4**.\n 3. Select the affected FastL4 profile. \n\n**Note**: If the affected profile is the default FastL4 profile, you should create a new custom FastL4 profile instead of modifying the default profile. Create a custom profile using the default profile as the parent profile. You can then modify some or all of the values defined in the custom profile, while leaving the parent profile settings at their default values. For information, refer to [K14488: Working with profiles](<https://support.f5.com/csp/article/K14488>).\n\n 4. Select the **Strip Sack OK** check box.\n 5. 
Click **Update**.\n\n * [K35421172: Excess resource consumption due to low MSS values vulnerability CVE-2019-11479](<https://support.f5.com/csp/article/K35421172>)\n * [K26618426: Linux SACK Slowness vulnerability CVE-2019-11478](<https://support.f5.com/csp/article/K26618426>)\n * [K75521003: FreeBSD SACK Slowness vulnerability CVE-2019-5599](<https://support.f5.com/csp/article/K75521003>)\n * [K11948: Configuring the BIG-IP system to run commands or scripts upon system startup](<https://support.f5.com/csp/article/K11948>)\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2020-02-10T12:10:00", "published": "2019-06-19T08:02:00", "id": "F5:K78234183", "href": "https://support.f5.com/csp/article/K78234183", "title": "Linux SACK Panic vulnerability CVE-2019-11477", "type": "f5", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-04-06T22:40:27", "bulletinFamily": "software", "cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-5599", "CVE-2019-11479"], "description": "\nF5 Product Development has assigned ID 795197 (BIG-IP, BIG-IQ, Enterprise Manager, and F5 iWorkflow) and CPF-25102 (Traffix SDC) to this vulnerability. 
Additionally, [F5 iHealth](<https://www.f5.com/services/support/support-offerings/big-ip-ihealth-diagnostic-tool>) may list Heuristic H35421172 on the **Diagnostics** > **Identified** > **Medium** page.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases, point releases, or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | 15.0.0 - 15.0.1 | 15.1.0 \n15.0.1.1 | Medium | [5.3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L>) | Self IP addresses \nControl plane (management interface) \n \nBackend systems accessed via a FastL4 virtual server \n14.x | 14.0.0 - 14.1.2 | 14.1.2.1 \n14.0.1.1 \n13.x | 13.1.0 - 13.1.3 | 13.1.3.2 \n12.x | 12.1.0 - 12.1.5 | 12.1.5.1 \n11.x | 11.5.2 - 11.6.5 | 11.6.5.1 \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [5.3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L>) | Self IP addresses \nControl plane (management interface) \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.1.0 | None | Medium | [5.3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L>) | Self IP addresses \nControl plane (management interface) \n5.x | 5.1.0 - 5.4.0 | None \nF5 iWorkflow | 2.x | 2.3.0 | None | Medium | 
[5.3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L>) | Linux kernel \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [5.3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L>) | Linux kernel \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nBIG-IP, BIG-IQ, and Enterprise Manager\n\n * **Self IP addresses**\n\nTo mitigate risk to this vulnerability for self IP addresses, you can configure the **Port Lockdown** setting to **Allow None**. For information about configuring the** Port Lockdown** setting, refer to [K17333: Overview of port lockdown behavior (12.x - 15.x)](<https://support.f5.com/csp/article/K17333>).\n\nAlternatively, if configuring the **Port Lockdown** setting to **Allow None** is not an option for your specific environment, you can mitigate this vulnerability by using iptables to drop packets with a low MSS value.\n\n * **Control plane (management interface)**\n\nTo mitigate risk to this vulnerability for the control plane (management interface), you should permit management access to F5 products only over a secure network and restrict command line access for affected systems to trusted users. 
For more information, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x - 15.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\nAlternatively, you can also mitigate this vulnerability on the control plane (management interface) by configuring iptables to drop packets with a low MSS value.\n\n**Impact of mitigation**: The impact of dropping packets with a low MSS value depends on your specific environment. F5 recommends testing any such changes during a maintenance window with consideration to the possible impact on your specific environment.\n\nTo add iptables rules in the **/config/startup** file, use the following command syntax:\n\n/usr/sbin/xtables-multi iptables -A INPUT -p tcp -m tcpmss --mss <min>:<max> -j DROP\n\n/usr/sbin/xtables-multi ip6tables -A INPUT -p tcp -m tcpmss --mss <min>:<max> -j DROP\n\nWhere **<min>:<max>** is the MSS value range you want to drop.\n\n**Important**: The 500 MSS value used in the following example is an example value; use a value appropriate for your specific environment.\n\nFor example, to drop packets with an MSS under 500, use the following iptables rules:\n\niptables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP \nip6tables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP\n\n * **Protecting backend systems accessed via a FastL4 virtual server (BIG-IP)**\n\nTo mitigate risk to this vulnerability for a FastL4 virtual server, you can use an iRule to drop packets with a low MSS.\n\n**Impact of mitigation**: The impact of dropping packets with a low MSS value depends on your specific environment. 
F5 recommends testing any such changes during a maintenance window with consideration to the possible impact on your specific environment.\n\nTo drop packets with an MSS of 500 or lower, you can configure the FastL4 virtual server to use an iRule similar to the following:\n\n**Important**: The 500 MSS value used in the following iRule is an example value; use a value appropriate for your specific environment.\n\nwhen CLIENT_ACCEPTED { \nif { [TCP::mss] <= 500 } { \ndrop \n} \n}\n\n * [K78234183: Linux SACK Panic vulnerability CVE-2019-11477](<https://support.f5.com/csp/article/K78234183>)\n * [K26618426: Linux SACK Slowness vulnerability CVE-2019-11478](<https://support.f5.com/csp/article/K26618426>)\n * [K75521003: FreeBSD SACK Slowness vulnerability CVE-2019-5599](<https://support.f5.com/csp/article/K75521003>)\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2020-02-10T20:28:00", "published": "2019-06-19T08:21:00", "id": "F5:K35421172", "href": "https://support.f5.com/csp/article/K35421172", "title": "Excess resource consumption due to low MSS values vulnerability CVE-2019-11479", "type": "f5", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-04-06T22:39:36", "bulletinFamily": "software", "cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-5599", "CVE-2019-11479"], "description": 
"\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\n * [K35421172: Excess resource consumption due to low MSS values vulnerability CVE-2019-11479](<https://support.f5.com/csp/article/K35421172>)\n * [K78234183: Linux SACK Panic vulnerability CVE-2019-11477](<https://support.f5.com/csp/article/K78234183>)\n * [K26618426: Linux SACK Slowness vulnerability CVE-2019-11478](<https://support.f5.com/csp/article/K26618426>)\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-08-01T18:12:00", "published": "2019-06-19T07:51:00", "id": "F5:K75521003", "href": "https://support.f5.com/csp/article/K75521003", "title": "FreeBSD SACK Slowness vulnerability CVE-2019-5599", "type": "f5", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "myhack58": [{"lastseen": "2019-06-19T15:33:49", "bulletinFamily": "info", "cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-11479"], "description": "0x00 vulnerability description \n2019 6 May 18, RedHat official website released a report: security researchers in the Linux kernel handles the TCP SACK data packet module found three vulnerabilities, the CVE number for CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479, wherein the CVE-2019-11477 vulnerability can reduce the system 
operating efficiency, and may be used by a remote attacker for denial-of-service attacks; the impact is serious. \n360CERT has determined that the vulnerability has a wide impact and causes serious harm, and recommends that users update promptly. \nVulnerability details \nSACK (Selective ACK) is a TCP option that lets the receiver tell the sender which segments were lost, which segments were retransmitted, and which segments have been received ahead of sequence. Based on this information, TCP can retransmit only the segments that were actually lost. Note that SACK is sent only when out-of-sequence segments are received; TCP ACKs are otherwise based on cumulative acknowledgment. \nThe Linux SKB can hold up to 17 fragments: \nlinux/include/linux/skbuff.h \n#define MAX_SKB_FRAGS (65536/PAGE_SIZE + 1) => 17 \nEach fragment can hold up to 32KB of data on x86 (64KB on PowerPC). When a packet is about to be sent, it is placed in the send queue, and its details are stored in the control buffer structure: \nlinux/include/linux/skbuff.h \nstruct tcp_skb_cb { \n    __u32 seq; /* Starting sequence number */ \n    __u32 end_seq; /* SEQ + FIN + SYN + datalen */ \n    __u32 tcp_tw_isn; \n    struct { \n        u16 tcp_gso_segs; \n        u16 tcp_gso_size; \n    }; \n    __u8 tcp_flags; /* TCP header flags. (tcp[13]) */ \n    ... \n}; \ntcp_gso_segs records the number of packets; its type is u16, so it can record up to 65526. But the SACK mechanism allows TCP to merge multiple SKBs in the retransmission queue, filling the 17 fragments to maximum capacity: 17 * 32 * 1024 / 8 = 69632, which overflows tcp_gso_segs and triggers a BUG_ON() call, causing the kernel to crash. \nstatic bool tcp_shifted_skb (struct sock *sk, ..., unsigned int pcount, ...) \n{ \n    ... \n    tcp_skb_pcount_add(prev, pcount); \n    BUG_ON(tcp_skb_pcount(skb) < pcount); /* <= SACK panic */ \n    tcp_skb_pcount_add(skb, -pcount); \n    ... 
\n} \nAn attacker can send a crafted sequence of SACK packets to trigger the integer overflow in the kernel, leading to a remote denial of service. \n\n0x01 Affected versions \nLinux kernel 2.6.29 and later \n\n0x02 Remediation \n(1) Apply the patch promptly \nhttps://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001/PATCH_net_1_4.patch \nLinux kernel versions >= 4.14 also need the second patch \nhttps://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001/PATCH_net_1a.patch \n(2) Disable SACK processing \necho 0 > /proc/sys/net/ipv4/tcp_sack \n(3) Use a filter to block the attack \nhttps://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001/block-low-mss/README.md \nThis mitigation is effective only when TCP probing is disabled, i.e. when the net.ipv4.tcp_mtu_probing sysctl is set to 0 in the /etc/sysctl.conf file \n(4) Red Hat users can use the following script to check whether the system is vulnerable \nhttps://access.redhat.com/sites/default/files/cve-2019-11477-2019-06-17-1629.sh \n\n", "edition": 1, "modified": "2019-06-19T00:00:00", "published": "2019-06-19T00:00:00", "id": "MYHACK58:62201994611", "href": "http://www.myhack58.com/Article/html/3/62/2019/94611.htm", "title": "CVE-2019-11477: Linux kernel TCP SACK mechanism remote Dos early warning analysis-vulnerability warning-the black bar safety net", "type": "myhack58", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2021-02-02T07:12:48", "description": "Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. 
This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.", "edition": 33, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-06-19T00:15:00", "title": "CVE-2019-11479", "type": "cve", "cwe": ["CWE-770"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11479"], "modified": "2020-10-20T22:15:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:f5:traffix_sdc:5.1.0", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:f5:iworkflow:2.3.0", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:canonical:ubuntu_linux:19.04", "cpe:/a:f5:big-iq_centralized_management:6.1.0", "cpe:/a:f5:big-iq_centralized_management:5.4.0", "cpe:/a:redhat:virtualization_host:4.0", "cpe:/a:f5:enterprise_manager:3.1.1", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2019-11479", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11479", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": 
["cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "cpe:2.3:a:f5:enterprise_manager:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:f5:iworkflow:2.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-iq_centralized_management:6.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:traffix_sdc:5.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-iq_centralized_management:5.4.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:12:48", "description": "Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.", "edition": 36, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-06-19T00:15:00", "title": "CVE-2019-11478", "type": "cve", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", 
"baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11478"], "modified": "2020-10-20T22:15:00", "cpe": ["cpe:/a:f5:big-ip_domain_name_system:13.1.1", "cpe:/a:f5:big-ip_policy_enforcement_manager:11.6.4", "cpe:/a:f5:big-ip_analytics:11.6.4", "cpe:/a:f5:big-ip_advanced_firewall_manager:14.1.0", "cpe:/a:f5:big-ip_webaccelerator:13.1.1", "cpe:/a:f5:big-ip_application_security_manager:14.1.0", "cpe:/a:f5:big-ip_advanced_firewall_manager:11.6.4", "cpe:/a:f5:big-ip_application_security_manager:15.0.0", "cpe:/a:f5:big-ip_link_controller:15.0.0", "cpe:/a:f5:big-ip_policy_enforcement_manager:14.1.0", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:f5:big-ip_link_controller:14.1.0", "cpe:/a:f5:traffix_sdc:5.1.0", "cpe:/o:redhat:enterprise_linux:5.0", "cpe:/a:pulsesecure:pulse_secure_virtual_application_delivery_controller:-", "cpe:/a:f5:big-ip_advanced_firewall_manager:12.1.4", "cpe:/a:f5:big-ip_access_policy_manager:13.1.1", "cpe:/a:f5:big-ip_application_security_manager:12.1.4", "cpe:/a:f5:big-ip_advanced_firewall_manager:15.0.0", "cpe:/a:f5:big-ip_domain_name_system:15.0.0", "cpe:/a:f5:big-ip_local_traffic_manager:15.0.0", "cpe:/a:f5:big-ip_application_acceleration_manager:11.6.4", "cpe:/a:f5:big-ip_application_acceleration_manager:15.0.0", "cpe:/a:f5:big-ip_global_traffic_manager:12.1.4", "cpe:/a:f5:big-ip_access_policy_manager:15.0.0", "cpe:/a:f5:big-ip_application_acceleration_manager:13.1.1", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:redhat:enterprise_linux_aus:6.6", "cpe:/a:f5:big-ip_edge_gateway:11.6.4", "cpe:/a:f5:big-ip_policy_enforcement_manager:13.1.1", "cpe:/a:f5:big-ip_local_traffic_manager:14.1.0", "cpe:/o:redhat:enterprise_linux_eus:7.4", "cpe:/a:f5:big-ip_webaccelerator:11.6.4", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/a:f5:big-ip_fraud_protection_service:14.1.0", 
"cpe:/a:f5:big-ip_edge_gateway:12.1.4"], "id": "CVE-2019-11478", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11478", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}},
{"lastseen": "2021-02-02T07:12:48", "description": "Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.", "edition": 35, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-06-19T00:15:00", "title": "CVE-2019-11477", "type": "cve", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11477"], "modified": "2020-10-20T22:15:00", "id": "CVE-2019-11477", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11477", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}],
"symantec": [{"lastseen": "2020-01-15T18:27:18", "bulletinFamily": "software", "cvelist": ["CVE-2019-11477"], "description": "### Description\n\nLinux Kernel is prone to a remote integer-overflow vulnerability. 
An attacker can exploit this issue to cause denial-of-service conditions.\n\n### Technologies Affected\n\n * Bluecoat Mail Threat Defense 1.1 \n * Bluecoat Malware Analysis Appliance 4.2 \n * Bluecoat PacketShaper S-Series 11.10 \n * Bluecoat PacketShaper S-Series 11.6 \n * Bluecoat PacketShaper S-Series 11.9 \n * Bluecoat PolicyCenter S-Series 1.1 \n * Bluecoat SSL Visibility 3.10 \n * Bluecoat SSL Visibility 3.12 \n * Bluecoat SSL Visibility 4.4 \n * Bluecoat SSL Visibility 4.5 \n * Bluecoat SSL Visibility 5.0 \n * Bluecoat X-Series XOS 10.0 \n * Bluecoat X-Series XOS 11.0 \n * Checkpoint 16000 Appliance R80.30_3.10 \n * Checkpoint 26000 Appliance R80.30_3.10 \n * Checkpoint CloudGuard Gateway R80.20_3.10 \n * Checkpoint Maestro R80.20SP \n * Checkpoint Security Management R80.10 \n * Checkpoint Security Management R80.20 \n * Checkpoint Security Management R80.30 \n * Checkpoint Small and Medium Business Appliances 1200R R76SP \n * Checkpoint Small and Medium Business Appliances 1200R R77.30 \n * Checkpoint Small and Medium Business Appliances 1200R R80.10 \n * Checkpoint Small and Medium Business Appliances 1200R R80.20 \n * Checkpoint Small and Medium Business Appliances 1200R R80.20SP \n * Checkpoint Small and Medium Business Appliances 1200R R80.30 \n * Checkpoint Small and Medium Business Appliances 1400 R76SP \n * Checkpoint Small and Medium Business Appliances 1400 R77.30 \n * Checkpoint Small and Medium Business Appliances 1400 R80.10 \n * Checkpoint Small and Medium Business Appliances 1400 R80.20 \n * Checkpoint Small and Medium Business Appliances 1400 R80.20SP \n * Checkpoint Small and Medium Business Appliances 1400 R80.30 \n * Checkpoint Small and Medium Business Appliances 700 R76SP \n * Checkpoint Small and Medium Business Appliances 700 R77.30 \n * Checkpoint Small and Medium Business Appliances 700 R80.10 \n * Checkpoint Small and Medium Business Appliances 700 R80.20 \n * Checkpoint Small and Medium Business Appliances 700 R80.20SP \n * 
Checkpoint Small and Medium Business Appliances 700 R80.30 \n * Citrix Hypervisor 8.0 \n * Citrix NetScaler SD-WAN 10.0.1 \n * Citrix NetScaler SD-WAN 10.0.2 \n * Citrix NetScaler SD-WAN 10.0.3 \n * Citrix NetScaler SD-WAN 10.0.4 \n * Citrix NetScaler SD-WAN 10.0.5 \n * Citrix NetScaler SD-WAN 10.0.6 \n * Citrix NetScaler SD-WAN 10.0.7 \n * Citrix SD-WAN 10.1.0 \n * Citrix SD-WAN 10.1.1 \n * Citrix SD-WAN 10.1.2 \n * Citrix SD-WAN 10.2.0 \n * Citrix SD-WAN 10.2.1 \n * Citrix SD-WAN 10.2.2 \n * Citrix SD-WAN 10.2.3 \n * Citrix SD-WAN 11.0.0 \n * Citrix XenServer 7.0 \n * Citrix XenServer 7.1 LTSR CU2 \n * Citrix XenServer 7.6 \n * F5 BIG-IP AAM 11.5.2 \n * F5 BIG-IP AAM 11.5.3 \n * F5 BIG-IP AAM 11.5.3 HF1 \n * F5 BIG-IP AAM 11.5.3 HF2 \n * F5 BIG-IP AAM 11.5.4 \n * F5 BIG-IP AAM 11.5.4 HF1 \n * F5 BIG-IP AAM 11.5.4 HF2 \n * F5 BIG-IP AAM 11.5.4 HF3 \n * F5 BIG-IP AAM 11.5.4 build 0.1.256 \n * F5 BIG-IP AAM 11.5.5 \n * F5 BIG-IP AAM 11.5.5.11.5.1 HF6 \n * F5 BIG-IP AAM 11.5.6 \n * F5 BIG-IP AAM 11.5.7 \n * F5 BIG-IP AAM 11.5.8 \n * F5 BIG-IP AAM 11.5.9 \n * F5 BIG-IP AAM 11.6.0 \n * F5 BIG-IP AAM 11.6.0 HF4 \n * F5 BIG-IP AAM 11.6.0 HF5 \n * F5 BIG-IP AAM 11.6.0 HF6 \n * F5 BIG-IP AAM 11.6.0 HF7 \n * F5 BIG-IP AAM 11.6.0 HF8 \n * F5 BIG-IP AAM 11.6.0 build 6.204.442 \n * F5 BIG-IP AAM 11.6.1 \n * F5 BIG-IP AAM 11.6.1 HF1 \n * F5 BIG-IP AAM 11.6.1 HF2 \n * F5 BIG-IP AAM 11.6.2 \n * F5 BIG-IP AAM 11.6.2 HF1 \n * F5 BIG-IP AAM 11.6.3 \n * F5 BIG-IP AAM 11.6.3.2 \n * F5 BIG-IP AAM 11.6.3.3 \n * F5 BIG-IP AAM 11.6.4 \n * F5 BIG-IP AAM 12.1.0 \n * F5 BIG-IP AAM 12.1.0 HF1 \n * F5 BIG-IP AAM 12.1.0 HF2 \n * F5 BIG-IP AAM 12.1.1 \n * F5 BIG-IP AAM 12.1.1 HF2 \n * F5 BIG-IP AAM 12.1.2 \n * F5 BIG-IP AAM 12.1.2 HF1 \n * F5 BIG-IP AAM 12.1.2 HF2 \n * F5 BIG-IP AAM 12.1.3 \n * F5 BIG-IP AAM 12.1.3.2 \n * F5 BIG-IP AAM 12.1.3.4 \n * F5 BIG-IP AAM 12.1.3.6 \n * F5 BIG-IP AAM 12.1.4 \n * F5 BIG-IP AAM 13.1.0 \n * F5 BIG-IP AAM 13.1.0.4 \n * F5 BIG-IP AAM 13.1.0.5 \n * F5 BIG-IP 
AAM 13.1.0.6 \n * F5 BIG-IP AAM 13.1.0.8 \n * F5 BIG-IP AAM 13.1.1 \n * F5 BIG-IP AAM 14.0.0 \n * F5 BIG-IP AAM 14.0.0.3 \n * F5 BIG-IP AAM 14.1.0 \n * F5 BIG-IP AAM 15.0.0 \n * F5 BIG-IP AFM 11.5.2 \n * F5 BIG-IP AFM 11.5.3 \n * F5 BIG-IP AFM 11.5.3 HF1 \n * F5 BIG-IP AFM 11.5.3 HF2 \n * F5 BIG-IP AFM 11.5.4 \n * F5 BIG-IP AFM 11.5.4 HF1 \n * F5 BIG-IP AFM 11.5.4 HF2 \n * F5 BIG-IP AFM 11.5.4 HF3 \n * F5 BIG-IP AFM 11.5.4 build 0.1.256 \n * F5 BIG-IP AFM 11.5.5 \n * F5 BIG-IP AFM 11.5.6 \n * F5 BIG-IP AFM 11.5.7 \n * F5 BIG-IP AFM 11.5.8 \n * F5 BIG-IP AFM 11.5.9 \n * F5 BIG-IP AFM 11.6.0 \n * F5 BIG-IP AFM 11.6.0 HF4 \n * F5 BIG-IP AFM 11.6.0 HF5 \n * F5 BIG-IP AFM 11.6.0 HF6 \n * F5 BIG-IP AFM 11.6.0 HF7 \n * F5 BIG-IP AFM 11.6.0 HF8 \n * F5 BIG-IP AFM 11.6.0 build 6.204.442 \n * F5 BIG-IP AFM 11.6.1 \n * F5 BIG-IP AFM 11.6.1 HF1 \n * F5 BIG-IP AFM 11.6.1 HF2 \n * F5 BIG-IP AFM 11.6.2 \n * F5 BIG-IP AFM 11.6.2 HF1 \n * F5 BIG-IP AFM 11.6.3 \n * F5 BIG-IP AFM 11.6.3.2 \n * F5 BIG-IP AFM 11.6.3.3 \n * F5 BIG-IP AFM 11.6.4 \n * F5 BIG-IP AFM 12.1.0 \n * F5 BIG-IP AFM 12.1.0 HF1 \n * F5 BIG-IP AFM 12.1.0 HF2 \n * F5 BIG-IP AFM 12.1.1 \n * F5 BIG-IP AFM 12.1.1 HF2 \n * F5 BIG-IP AFM 12.1.2 \n * F5 BIG-IP AFM 12.1.2 HF1 \n * F5 BIG-IP AFM 12.1.2 HF2 \n * F5 BIG-IP AFM 12.1.3 \n * F5 BIG-IP AFM 12.1.3.2 \n * F5 BIG-IP AFM 12.1.3.4 \n * F5 BIG-IP AFM 12.1.3.6 \n * F5 BIG-IP AFM 12.1.3.7 \n * F5 BIG-IP AFM 12.1.4 \n * F5 BIG-IP AFM 13.1.0 \n * F5 BIG-IP AFM 13.1.0.4 \n * F5 BIG-IP AFM 13.1.0.5 \n * F5 BIG-IP AFM 13.1.0.6 \n * F5 BIG-IP AFM 13.1.0.8 \n * F5 BIG-IP AFM 13.1.1 \n * F5 BIG-IP AFM 14.0.0 \n * F5 BIG-IP AFM 14.0.0.3 \n * F5 BIG-IP AFM 14.1.0 \n * F5 BIG-IP AFM 15.0.0 \n * F5 BIG-IP APM 11.5.2 \n * F5 BIG-IP APM 11.5.2 HF1 \n * F5 BIG-IP APM 11.5.3 \n * F5 BIG-IP APM 11.5.3 HF1 \n * F5 BIG-IP APM 11.5.3 HF2 \n * F5 BIG-IP APM 11.5.4 \n * F5 BIG-IP APM 11.5.4 HF1 \n * F5 BIG-IP APM 11.5.4 HF2 \n * F5 BIG-IP APM 11.5.4 HF3 \n * F5 BIG-IP APM 11.5.4 build 0.1.256 
\n * F5 BIG-IP APM 11.5.5 \n * F5 BIG-IP APM 11.5.6 \n * F5 BIG-IP APM 11.5.7 \n * F5 BIG-IP APM 11.5.8 \n * F5 BIG-IP APM 11.5.9 \n * F5 BIG-IP APM 11.6.0 \n * F5 BIG-IP APM 11.6.0 HF3 \n * F5 BIG-IP APM 11.6.0 HF4 \n * F5 BIG-IP APM 11.6.0 HF5 \n * F5 BIG-IP APM 11.6.0 HF6 \n * F5 BIG-IP APM 11.6.0 HF7 \n * F5 BIG-IP APM 11.6.0 HF8 \n * F5 BIG-IP APM 11.6.0 build 6.204.442 \n * F5 BIG-IP APM 11.6.1 \n * F5 BIG-IP APM 11.6.1 HF1 \n * F5 BIG-IP APM 11.6.1 HF2 \n * F5 BIG-IP APM 11.6.2 \n * F5 BIG-IP APM 11.6.2 HF1 \n * F5 BIG-IP APM 11.6.3 \n * F5 BIG-IP APM 11.6.3.2 \n * F5 BIG-IP APM 11.6.3.3 \n * F5 BIG-IP APM 11.6.4 \n * F5 BIG-IP APM 12.1.0 \n * F5 BIG-IP APM 12.1.0 HF1 \n * F5 BIG-IP APM 12.1.0 HF2 \n * F5 BIG-IP APM 12.1.1 \n * F5 BIG-IP APM 12.1.1 HF2 \n * F5 BIG-IP APM 12.1.2 \n * F5 BIG-IP APM 12.1.2 HF1 \n * F5 BIG-IP APM 12.1.2 HF2 \n * F5 BIG-IP APM 12.1.3 \n * F5 BIG-IP APM 12.1.3.2 \n * F5 BIG-IP APM 12.1.3.4 \n * F5 BIG-IP APM 12.1.3.6 \n * F5 BIG-IP APM 12.1.3.7 \n * F5 BIG-IP APM 12.1.4 \n * F5 BIG-IP APM 13.1.0 \n * F5 BIG-IP APM 13.1.0.4 \n * F5 BIG-IP APM 13.1.0.5 \n * F5 BIG-IP APM 13.1.0.6 \n * F5 BIG-IP APM 13.1.0.8 \n * F5 BIG-IP APM 13.1.1 \n * F5 BIG-IP APM 14.0.0 \n * F5 BIG-IP APM 14.0.0.3 \n * F5 BIG-IP APM 14.1.0 \n * F5 BIG-IP APM 15.0.0 \n * F5 BIG-IP ASM 11.5.2 \n * F5 BIG-IP ASM 11.5.3 \n * F5 BIG-IP ASM 11.5.3 HF1 \n * F5 BIG-IP ASM 11.5.3 HF2 \n * F5 BIG-IP ASM 11.5.4 \n * F5 BIG-IP ASM 11.5.4 HF1 \n * F5 BIG-IP ASM 11.5.4 HF2 \n * F5 BIG-IP ASM 11.5.4 HF3 \n * F5 BIG-IP ASM 11.5.4 build 0.1.256 \n * F5 BIG-IP ASM 11.5.5 \n * F5 BIG-IP ASM 11.5.6 \n * F5 BIG-IP ASM 11.5.7 \n * F5 BIG-IP ASM 11.5.8 \n * F5 BIG-IP ASM 11.5.9 \n * F5 BIG-IP ASM 11.6.0 \n * F5 BIG-IP ASM 11.6.0 HF4 \n * F5 BIG-IP ASM 11.6.0 HF5 \n * F5 BIG-IP ASM 11.6.0 HF6 \n * F5 BIG-IP ASM 11.6.0 HF7 \n * F5 BIG-IP ASM 11.6.0 HF8 \n * F5 BIG-IP ASM 11.6.0 build 6.204.442 \n * F5 BIG-IP ASM 11.6.1 \n * F5 BIG-IP ASM 11.6.1 HF1 \n * F5 BIG-IP ASM 11.6.1 HF2 \n * F5 
BIG-IP ASM 11.6.2 \n * F5 BIG-IP ASM 11.6.2 HF1 \n * F5 BIG-IP ASM 11.6.3 \n * F5 BIG-IP ASM 11.6.3.2 \n * F5 BIG-IP ASM 11.6.3.3 \n * F5 BIG-IP ASM 11.6.4 \n * F5 BIG-IP ASM 12.1.0 \n * F5 BIG-IP ASM 12.1.0 HF1 \n * F5 BIG-IP ASM 12.1.0 HF2 \n * F5 BIG-IP ASM 12.1.1 \n * F5 BIG-IP ASM 12.1.1 HF1 \n * F5 BIG-IP ASM 12.1.1 HF2 \n * F5 BIG-IP ASM 12.1.2 \n * F5 BIG-IP ASM 12.1.2 HF1 \n * F5 BIG-IP ASM 12.1.2 HF2 \n * F5 BIG-IP ASM 12.1.3 \n * F5 BIG-IP ASM 12.1.3.2 \n * F5 BIG-IP ASM 12.1.3.4 \n * F5 BIG-IP ASM 12.1.3.6 \n * F5 BIG-IP ASM 12.1.3.7 \n * F5 BIG-IP ASM 12.1.4 \n * F5 BIG-IP ASM 13.1.0 \n * F5 BIG-IP ASM 13.1.0.2 \n * F5 BIG-IP ASM 13.1.0.4 \n * F5 BIG-IP ASM 13.1.0.5 \n * F5 BIG-IP ASM 13.1.0.6 \n * F5 BIG-IP ASM 13.1.0.8 \n * F5 BIG-IP ASM 13.1.1 \n * F5 BIG-IP ASM 14.0.0 \n * F5 BIG-IP ASM 14.0.0.2 \n * F5 BIG-IP ASM 14.0.0.3 \n * F5 BIG-IP ASM 14.1.0 \n * F5 BIG-IP ASM 15.0.0 \n * F5 BIG-IP Analytics 11.5.2 \n * F5 BIG-IP Analytics 11.5.3 \n * F5 BIG-IP Analytics 11.5.3 HF1 \n * F5 BIG-IP Analytics 11.5.3 HF2 \n * F5 BIG-IP Analytics 11.5.4 \n * F5 BIG-IP Analytics 11.5.4 HF1 \n * F5 BIG-IP Analytics 11.5.4 HF2 \n * F5 BIG-IP Analytics 11.5.4 HF3 \n * F5 BIG-IP Analytics 11.5.4 build 0.1.256 \n * F5 BIG-IP Analytics 11.5.5 \n * F5 BIG-IP Analytics 11.5.6 \n * F5 BIG-IP Analytics 11.5.7 \n * F5 BIG-IP Analytics 11.5.8 \n * F5 BIG-IP Analytics 11.5.9 \n * F5 BIG-IP Analytics 11.6.0 \n * F5 BIG-IP Analytics 11.6.0 HF4 \n * F5 BIG-IP Analytics 11.6.0 HF5 \n * F5 BIG-IP Analytics 11.6.0 HF6 \n * F5 BIG-IP Analytics 11.6.0 HF7 \n * F5 BIG-IP Analytics 11.6.0 build 6.204.442 \n * F5 BIG-IP Analytics 11.6.1 \n * F5 BIG-IP Analytics 11.6.1 HF1 \n * F5 BIG-IP Analytics 11.6.1 HF2 \n * F5 BIG-IP Analytics 11.6.2 \n * F5 BIG-IP Analytics 11.6.2 HF1 \n * F5 BIG-IP Analytics 11.6.3 \n * F5 BIG-IP Analytics 11.6.3.2 \n * F5 BIG-IP Analytics 11.6.3.3 \n * F5 BIG-IP Analytics 11.6.4 \n * F5 BIG-IP Analytics 12.1.0 \n * F5 BIG-IP Analytics 12.1.1 \n * F5 BIG-IP 
Analytics 12.1.1 HF2 \n * F5 BIG-IP Analytics 12.1.2 \n * F5 BIG-IP Analytics 12.1.2 HF1 \n * F5 BIG-IP Analytics 12.1.2 HF2 \n * F5 BIG-IP Analytics 12.1.3 \n * F5 BIG-IP Analytics 12.1.3.2 \n * F5 BIG-IP Analytics 12.1.3.4 \n * F5 BIG-IP Analytics 12.1.3.6 \n * F5 BIG-IP Analytics 12.1.3.7 \n * F5 BIG-IP Analytics 12.1.4 \n * F5 BIG-IP Analytics 13.1.0 \n * F5 BIG-IP Analytics 13.1.0.4 \n * F5 BIG-IP Analytics 13.1.0.5 \n * F5 BIG-IP Analytics 13.1.0.6 \n * F5 BIG-IP Analytics 13.1.0.8 \n * F5 BIG-IP Analytics 13.1.1 \n * F5 BIG-IP Analytics 14.0.0 \n * F5 BIG-IP Analytics 14.0.0.3 \n * F5 BIG-IP Analytics 14.1.0 \n * F5 BIG-IP Analytics 15.0.0 \n * F5 BIG-IP DNS 11.5.2 \n * F5 BIG-IP DNS 11.5.3 \n * F5 BIG-IP DNS 11.5.4 \n * F5 BIG-IP DNS 11.5.4 HF1 \n * F5 BIG-IP DNS 11.5.5 \n * F5 BIG-IP DNS 11.5.6 \n * F5 BIG-IP DNS 11.5.7 \n * F5 BIG-IP DNS 11.5.8 \n * F5 BIG-IP DNS 11.5.9 \n * F5 BIG-IP DNS 11.6.0 \n * F5 BIG-IP DNS 11.6.1 \n * F5 BIG-IP DNS 11.6.2 \n * F5 BIG-IP DNS 11.6.3 \n * F5 BIG-IP DNS 11.6.3.2 \n * F5 BIG-IP DNS 11.6.3.3 \n * F5 BIG-IP DNS 11.6.4 \n * F5 BIG-IP DNS 12.1.0 \n * F5 BIG-IP DNS 12.1.1 \n * F5 BIG-IP DNS 12.1.1 HF2 \n * F5 BIG-IP DNS 12.1.2 \n * F5 BIG-IP DNS 12.1.2 HF1 \n * F5 BIG-IP DNS 12.1.2 HF2 \n * F5 BIG-IP DNS 12.1.3 \n * F5 BIG-IP DNS 12.1.3.2 \n * F5 BIG-IP DNS 12.1.3.4 \n * F5 BIG-IP DNS 12.1.3.5 \n * F5 BIG-IP DNS 12.1.3.6 \n * F5 BIG-IP DNS 12.1.3.7 \n * F5 BIG-IP DNS 12.1.4 \n * F5 BIG-IP DNS 13.1.0 \n * F5 BIG-IP DNS 13.1.0.4 \n * F5 BIG-IP DNS 13.1.0.5 \n * F5 BIG-IP DNS 13.1.0.6 \n * F5 BIG-IP DNS 13.1.0.7 \n * F5 BIG-IP DNS 13.1.0.8 \n * F5 BIG-IP DNS 13.1.1 \n * F5 BIG-IP DNS 14.0.0 \n * F5 BIG-IP DNS 14.0.0.3 \n * F5 BIG-IP DNS 14.1.0 \n * F5 BIG-IP DNS 15.0.0 \n * F5 BIG-IP Edge Gateway 11.5.2 \n * F5 BIG-IP Edge Gateway 11.5.6 \n * F5 BIG-IP Edge Gateway 11.5.7 \n * F5 BIG-IP Edge Gateway 11.5.8 \n * F5 BIG-IP Edge Gateway 11.5.9 \n * F5 BIG-IP Edge Gateway 11.6.1 \n * F5 BIG-IP Edge Gateway 11.6.2 \n * F5 BIG-IP 
Edge Gateway 11.6.3 \n * F5 BIG-IP Edge Gateway 11.6.3.3 \n * F5 BIG-IP Edge Gateway 11.6.4 \n * F5 BIG-IP Edge Gateway 12.1.0 \n * F5 BIG-IP Edge Gateway 12.1.14 \n * F5 BIG-IP Edge Gateway 12.1.2 \n * F5 BIG-IP Edge Gateway 12.1.3 \n * F5 BIG-IP Edge Gateway 12.1.4 \n * F5 BIG-IP Edge Gateway 13.1.0 \n * F5 BIG-IP Edge Gateway 13.1.0.5 \n * F5 BIG-IP Edge Gateway 13.1.0.6 \n * F5 BIG-IP Edge Gateway 13.1.1 \n * F5 BIG-IP Edge Gateway 14.0.0 \n * F5 BIG-IP Edge Gateway 14.0.0.3 \n * F5 BIG-IP Edge Gateway 14.1.0 \n * F5 BIG-IP FPS 11.5.2 \n * F5 BIG-IP FPS 11.5.6 \n * F5 BIG-IP FPS 11.5.7 \n * F5 BIG-IP FPS 11.5.8 \n * F5 BIG-IP FPS 11.5.9 \n * F5 BIG-IP FPS 11.6.0 \n * F5 BIG-IP FPS 11.6.1 \n * F5 BIG-IP FPS 11.6.2 \n * F5 BIG-IP FPS 11.6.3 \n * F5 BIG-IP FPS 11.6.3.2 \n * F5 BIG-IP FPS 11.6.3.3 \n * F5 BIG-IP FPS 11.6.4 \n * F5 BIG-IP FPS 12.1.0 \n * F5 BIG-IP FPS 12.1.1 \n * F5 BIG-IP FPS 12.1.1 HF2 \n * F5 BIG-IP FPS 12.1.2 \n * F5 BIG-IP FPS 12.1.3 \n * F5 BIG-IP FPS 12.1.3.6 \n * F5 BIG-IP FPS 12.1.3.7 \n * F5 BIG-IP FPS 12.1.4 \n * F5 BIG-IP FPS 13.1.0 \n * F5 BIG-IP FPS 13.1.0.8 \n * F5 BIG-IP FPS 13.1.1 \n * F5 BIG-IP FPS 14.0.0 \n * F5 BIG-IP FPS 14.0.0.3 \n * F5 BIG-IP FPS 14.1.0 \n * F5 BIG-IP FPS 15.0.0 \n * F5 BIG-IP GTM 11.5.2 \n * F5 BIG-IP GTM 11.5.3 \n * F5 BIG-IP GTM 11.5.3 HF1 \n * F5 BIG-IP GTM 11.5.3 HF2 \n * F5 BIG-IP GTM 11.5.4 \n * F5 BIG-IP GTM 11.5.4 HF1 \n * F5 BIG-IP GTM 11.5.4 HF2 \n * F5 BIG-IP GTM 11.5.4 HF3 \n * F5 BIG-IP GTM 11.5.4 build 0.1.256 \n * F5 BIG-IP GTM 11.5.5 \n * F5 BIG-IP GTM 11.5.6 \n * F5 BIG-IP GTM 11.5.7 \n * F5 BIG-IP GTM 11.5.8 \n * F5 BIG-IP GTM 11.5.9 \n * F5 BIG-IP GTM 11.6.0 \n * F5 BIG-IP GTM 11.6.0 HF4 \n * F5 BIG-IP GTM 11.6.0 HF5 \n * F5 BIG-IP GTM 11.6.0 HF6 \n * F5 BIG-IP GTM 11.6.0 HF7 \n * F5 BIG-IP GTM 11.6.0 build 6.204.442 \n * F5 BIG-IP GTM 11.6.1 \n * F5 BIG-IP GTM 11.6.1 HF1 \n * F5 BIG-IP GTM 11.6.1 HF2 \n * F5 BIG-IP GTM 11.6.2 \n * F5 BIG-IP GTM 11.6.2 HF1 \n * F5 BIG-IP GTM 11.6.3 \n * F5 
BIG-IP GTM 11.6.3.2 \n * F5 BIG-IP GTM 11.6.3.3 \n * F5 BIG-IP GTM 11.6.4 \n * F5 BIG-IP GTM 12.1.0 \n * F5 BIG-IP GTM 12.1.1 \n * F5 BIG-IP GTM 12.1.1 HF2 \n * F5 BIG-IP GTM 12.1.2 \n * F5 BIG-IP GTM 12.1.2 HF1 \n * F5 BIG-IP GTM 12.1.3 \n * F5 BIG-IP GTM 12.1.3.2 \n * F5 BIG-IP GTM 12.1.3.4 \n * F5 BIG-IP GTM 12.1.3.6 \n * F5 BIG-IP GTM 12.1.3.7 \n * F5 BIG-IP GTM 12.1.4 \n * F5 BIG-IP GTM 13.1.0 \n * F5 BIG-IP GTM 13.1.0.4 \n * F5 BIG-IP GTM 13.1.0.5 \n * F5 BIG-IP GTM 13.1.0.6 \n * F5 BIG-IP GTM 13.1.0.8 \n * F5 BIG-IP GTM 13.1.1 \n * F5 BIG-IP GTM 14.0.0 \n * F5 BIG-IP GTM 14.0.0.3 \n * F5 BIG-IP GTM 14.1.0 \n * F5 BIG-IP GTM 15.0.0 \n * F5 BIG-IP LTM 11.5.2 \n * F5 BIG-IP LTM 11.5.3 \n * F5 BIG-IP LTM 11.5.3 HF1 \n * F5 BIG-IP LTM 11.5.3 HF2 \n * F5 BIG-IP LTM 11.5.4 \n * F5 BIG-IP LTM 11.5.4 HF1 \n * F5 BIG-IP LTM 11.5.4 HF2 \n * F5 BIG-IP LTM 11.5.4 HF3 \n * F5 BIG-IP LTM 11.5.4 build 0.1.256 \n * F5 BIG-IP LTM 11.5.5 \n * F5 BIG-IP LTM 11.5.6 \n * F5 BIG-IP LTM 11.5.7 \n * F5 BIG-IP LTM 11.5.8 \n * F5 BIG-IP LTM 11.5.9 \n * F5 BIG-IP LTM 11.6.0 \n * F5 BIG-IP LTM 11.6.0 HF4 \n * F5 BIG-IP LTM 11.6.0 HF5 \n * F5 BIG-IP LTM 11.6.0 HF6 \n * F5 BIG-IP LTM 11.6.0 HF7 \n * F5 BIG-IP LTM 11.6.0 HF8 \n * F5 BIG-IP LTM 11.6.0 build 6.204.442 \n * F5 BIG-IP LTM 11.6.1 \n * F5 BIG-IP LTM 11.6.1 HF1 \n * F5 BIG-IP LTM 11.6.1 HF2 \n * F5 BIG-IP LTM 11.6.2 \n * F5 BIG-IP LTM 11.6.2 HF1 \n * F5 BIG-IP LTM 11.6.3 \n * F5 BIG-IP LTM 11.6.3.2 \n * F5 BIG-IP LTM 11.6.3.3 \n * F5 BIG-IP LTM 11.6.4 \n * F5 BIG-IP LTM 12.1.0 \n * F5 BIG-IP LTM 12.1.0 HF1 \n * F5 BIG-IP LTM 12.1.0 HF2 \n * F5 BIG-IP LTM 12.1.1 \n * F5 BIG-IP LTM 12.1.1 HF2 \n * F5 BIG-IP LTM 12.1.2 \n * F5 BIG-IP LTM 12.1.2 HF1 \n * F5 BIG-IP LTM 12.1.2 HF2 \n * F5 BIG-IP LTM 12.1.3 \n * F5 BIG-IP LTM 12.1.3.2 \n * F5 BIG-IP LTM 12.1.3.4 \n * F5 BIG-IP LTM 12.1.3.6 \n * F5 BIG-IP LTM 12.1.3.7 \n * F5 BIG-IP LTM 12.1.4 \n * F5 BIG-IP LTM 13.1.0 \n * F5 BIG-IP LTM 13.1.0.4 \n * F5 BIG-IP LTM 13.1.0.5 \n * F5 
BIG-IP LTM 13.1.0.6 \n * F5 BIG-IP LTM 13.1.0.8 \n * F5 BIG-IP LTM 13.1.1 \n * F5 BIG-IP LTM 14.0.0 \n * F5 BIG-IP LTM 14.0.0.3 \n * F5 BIG-IP LTM 14.0.2 \n * F5 BIG-IP LTM 14.1.0 \n * F5 BIG-IP LTM 15.0.0 \n * F5 BIG-IP Link Controller 11.5.2 \n * F5 BIG-IP Link Controller 11.5.3 \n * F5 BIG-IP Link Controller 11.5.3 HF1 \n * F5 BIG-IP Link Controller 11.5.3 HF2 \n * F5 BIG-IP Link Controller 11.5.4 \n * F5 BIG-IP Link Controller 11.5.4 HF1 \n * F5 BIG-IP Link Controller 11.5.4 HF2 \n * F5 BIG-IP Link Controller 11.5.4 HF3 \n * F5 BIG-IP Link Controller 11.5.4 build 0.1.256 \n * F5 BIG-IP Link Controller 11.5.5 \n * F5 BIG-IP Link Controller 11.5.6 \n * F5 BIG-IP Link Controller 11.5.7 \n * F5 BIG-IP Link Controller 11.5.8 \n * F5 BIG-IP Link Controller 11.5.9 \n * F5 BIG-IP Link Controller 11.6.0 \n * F5 BIG-IP Link Controller 11.6.0 HF4 \n * F5 BIG-IP Link Controller 11.6.0 HF5 \n * F5 BIG-IP Link Controller 11.6.0 HF6 \n * F5 BIG-IP Link Controller 11.6.0 HF8 \n * F5 BIG-IP Link Controller 11.6.0 build 6.204.442 \n * F5 BIG-IP Link Controller 11.6.1 \n * F5 BIG-IP Link Controller 11.6.1 HF1 \n * F5 BIG-IP Link Controller 11.6.1 HF2 \n * F5 BIG-IP Link Controller 11.6.2 \n * F5 BIG-IP Link Controller 11.6.2 HF1 \n * F5 BIG-IP Link Controller 11.6.3 \n * F5 BIG-IP Link Controller 11.6.3.2 \n * F5 BIG-IP Link Controller 11.6.3.3 \n * F5 BIG-IP Link Controller 11.6.4 \n * F5 BIG-IP Link Controller 12.1.0 \n * F5 BIG-IP Link Controller 12.1.0 HF1 \n * F5 BIG-IP Link Controller 12.1.0 HF2 \n * F5 BIG-IP Link Controller 12.1.1 \n * F5 BIG-IP Link Controller 12.1.1 HF2 \n * F5 BIG-IP Link Controller 12.1.2 \n * F5 BIG-IP Link Controller 12.1.2 HF1 \n * F5 BIG-IP Link Controller 12.1.2 HF2 \n * F5 BIG-IP Link Controller 12.1.3 \n * F5 BIG-IP Link Controller 12.1.3.2 \n * F5 BIG-IP Link Controller 12.1.3.4 \n * F5 BIG-IP Link Controller 12.1.3.6 \n * F5 BIG-IP Link Controller 12.1.4 \n * F5 BIG-IP Link Controller 13.1.0 \n * F5 BIG-IP Link Controller 13.1.0.4 \n * F5 
BIG-IP Link Controller 13.1.0.5 \n * F5 BIG-IP Link Controller 13.1.0.6 \n * F5 BIG-IP Link Controller 13.1.0.8 \n * F5 BIG-IP Link Controller 13.1.1 \n * F5 BIG-IP Link Controller 14.0.0 \n * F5 BIG-IP Link Controller 14.0.0.3 \n * F5 BIG-IP Link Controller 14.1.0 \n * F5 BIG-IP Link Controller 15.0.0 \n * F5 BIG-IP PEM 11.5.2 \n * F5 BIG-IP PEM 11.5.3 \n * F5 BIG-IP PEM 11.5.3 HF1 \n * F5 BIG-IP PEM 11.5.3 HF2 \n * F5 BIG-IP PEM 11.5.4 \n * F5 BIG-IP PEM 11.5.4 HF1 \n * F5 BIG-IP PEM 11.5.4 HF2 \n * F5 BIG-IP PEM 11.5.4 HF3 \n * F5 BIG-IP PEM 11.5.5 \n * F5 BIG-IP PEM 11.5.6 \n * F5 BIG-IP PEM 11.5.7 \n * F5 BIG-IP PEM 11.5.8 \n * F5 BIG-IP PEM 11.5.9 \n * F5 BIG-IP PEM 11.6.0 \n * F5 BIG-IP PEM 11.6.0 HF4 \n * F5 BIG-IP PEM 11.6.0 HF5 \n * F5 BIG-IP PEM 11.6.0 HF6 \n * F5 BIG-IP PEM 11.6.0 HF8 \n * F5 BIG-IP PEM 11.6.1 \n * F5 BIG-IP PEM 11.6.1 HF1 \n * F5 BIG-IP PEM 11.6.1 HF2 \n * F5 BIG-IP PEM 11.6.2 \n * F5 BIG-IP PEM 11.6.2 HF1 \n * F5 BIG-IP PEM 11.6.3 \n * F5 BIG-IP PEM 11.6.3.2 \n * F5 BIG-IP PEM 11.6.3.3 \n * F5 BIG-IP PEM 11.6.4 \n * F5 BIG-IP PEM 12.1.0 \n * F5 BIG-IP PEM 12.1.0 HF1 \n * F5 BIG-IP PEM 12.1.0 HF2 \n * F5 BIG-IP PEM 12.1.1 \n * F5 BIG-IP PEM 12.1.1 HF2 \n * F5 BIG-IP PEM 12.1.2 \n * F5 BIG-IP PEM 12.1.2 HF 1 \n * F5 BIG-IP PEM 12.1.2 HF1 \n * F5 BIG-IP PEM 12.1.2 HF2 \n * F5 BIG-IP PEM 12.1.3 \n * F5 BIG-IP PEM 12.1.3.2 \n * F5 BIG-IP PEM 12.1.3.4 \n * F5 BIG-IP PEM 12.1.3.6 \n * F5 BIG-IP PEM 12.1.4 \n * F5 BIG-IP PEM 13.1.0 \n * F5 BIG-IP PEM 13.1.0.4 \n * F5 BIG-IP PEM 13.1.0.5 \n * F5 BIG-IP PEM 13.1.0.6 \n * F5 BIG-IP PEM 13.1.0.8 \n * F5 BIG-IP PEM 13.1.1 \n * F5 BIG-IP PEM 14.0.0 \n * F5 BIG-IP PEM 14.0.0.3 \n * F5 BIG-IP PEM 14.1.0 \n * F5 BIG-IP PEM 15.0.0 \n * F5 BIG-IP WebAccelerator 11.5.2 \n * F5 BIG-IP WebAccelerator 11.5.4 HF2 \n * F5 BIG-IP WebAccelerator 11.5.5 \n * F5 BIG-IP WebAccelerator 11.5.6 \n * F5 BIG-IP WebAccelerator 11.5.7 \n * F5 BIG-IP WebAccelerator 11.5.8 \n * F5 BIG-IP WebAccelerator 11.5.9 \n * F5 
BIG-IP WebAccelerator 11.6.0 \n * F5 BIG-IP WebAccelerator 11.6.1 \n * F5 BIG-IP WebAccelerator 11.6.2 \n * F5 BIG-IP WebAccelerator 11.6.3 \n * F5 BIG-IP WebAccelerator 11.6.3.2 \n * F5 BIG-IP WebAccelerator 11.6.3.3 \n * F5 BIG-IP WebAccelerator 11.6.4 \n * F5 BIG-IP WebAccelerator 12.1.0 \n * F5 BIG-IP WebAccelerator 12.1.1 \n * F5 BIG-IP WebAccelerator 12.1.1 HF2 \n * F5 BIG-IP WebAccelerator 12.1.2 \n * F5 BIG-IP WebAccelerator 12.1.3 \n * F5 BIG-IP WebAccelerator 12.1.3.2 \n * F5 BIG-IP WebAccelerator 12.1.3.4 \n * F5 BIG-IP WebAccelerator 12.1.3.6 \n * F5 BIG-IP WebAccelerator 12.1.4 \n * F5 BIG-IP WebAccelerator 13.1.0 \n * F5 BIG-IP WebAccelerator 13.1.0.4 \n * F5 BIG-IP WebAccelerator 13.1.0.5 \n * F5 BIG-IP WebAccelerator 13.1.0.6 \n * F5 BIG-IP WebAccelerator 13.1.0.8 \n * F5 BIG-IP WebAccelerator 13.1.1 \n * F5 BIG-IP WebAccelerator 14.0.0 \n * F5 BIG-IP WebAccelerator 14.0.0.3 \n * F5 BIG-IP WebAccelerator 14.1.0 \n * F5 BIG-IP WebAccelerator 15.0.0 \n * Linux kernel 2.6.0 \n * Linux kernel 2.6.1 \n * Linux kernel 2.6.11 .11 \n * Linux kernel 2.6.11 .12 \n * Linux kernel 2.6.11 .4 \n * Linux kernel 2.6.11 .5 \n * Linux kernel 2.6.11 .6 \n * Linux kernel 2.6.11 .7 \n * Linux kernel 2.6.11 .8 \n * Linux kernel 2.6.11 \n * Linux kernel 2.6.11.1 \n * Linux kernel 2.6.11.10 \n * Linux kernel 2.6.11.11 \n * Linux kernel 2.6.11.12 \n * Linux kernel 2.6.11.2 \n * Linux kernel 2.6.11.3 \n * Linux kernel 2.6.11.4 \n * Linux kernel 2.6.11.5 \n * Linux kernel 2.6.11.6 \n * Linux kernel 2.6.11.7 \n * Linux kernel 2.6.11.8 \n * Linux kernel 2.6.11.9 \n * Linux kernel 2.6.12 .1 \n * Linux kernel 2.6.12 .12 \n * Linux kernel 2.6.12 .2 \n * Linux kernel 2.6.12 .22 \n * Linux kernel 2.6.12 .3 \n * Linux kernel 2.6.12 .4 \n * Linux kernel 2.6.12 .5 \n * Linux kernel 2.6.12 .6 \n * Linux kernel 2.6.12 \n * Linux kernel 2.6.12.1 \n * Linux kernel 2.6.12.2 \n * Linux kernel 2.6.12.3 \n * Linux kernel 2.6.12.4 \n * Linux kernel 2.6.12.5 \n * Linux kernel 2.6.12.6 \n * Linux 
kernel 2.6.13 .1 \n * Linux kernel 2.6.13 .2 \n * Linux kernel 2.6.13 .3 \n * Linux kernel 2.6.13 .4 \n * Linux kernel 2.6.13 \n * Linux kernel 2.6.13.2 \n * Linux kernel 2.6.13.3 \n * Linux kernel 2.6.13.4 \n * Linux kernel 2.6.13.5 \n * Linux kernel 2.6.14 .1 \n * Linux kernel 2.6.14 .2 \n * Linux kernel 2.6.14 .3 \n * Linux kernel 2.6.14 \n * Linux kernel 2.6.14.1 \n * Linux kernel 2.6.14.2 \n * Linux kernel 2.6.14.3 \n * Linux kernel 2.6.14.4 \n * Linux kernel 2.6.14.5 \n * Linux kernel 2.6.14.6 \n * Linux kernel 2.6.14.7 \n * Linux kernel 2.6.15 .4 \n * Linux kernel 2.6.15 \n * Linux kernel 2.6.15.1 \n * Linux kernel 2.6.15.11 \n * Linux kernel 2.6.15.2 \n * Linux kernel 2.6.15.3 \n * Linux kernel 2.6.15.4 \n * Linux kernel 2.6.15.5 \n * Linux kernel 2.6.15.6 \n * Linux kernel 2.6.15.7 \n * Linux kernel 2.6.16 .1 \n * Linux kernel 2.6.16 .11 \n * Linux kernel 2.6.16 .12 \n * Linux kernel 2.6.16 .19 \n * Linux kernel 2.6.16 .23 \n * Linux kernel 2.6.16 .7 \n * Linux kernel 2.6.16 .9 \n * Linux kernel 2.6.16 13 \n * Linux kernel 2.6.16 27 \n * Linux kernel 2.6.16 \n * Linux kernel 2.6.16.10 \n * Linux kernel 2.6.16.11 \n * Linux kernel 2.6.16.12 \n * Linux kernel 2.6.16.13 \n * Linux kernel 2.6.16.14 \n * Linux kernel 2.6.16.15 \n * Linux kernel 2.6.16.16 \n * Linux kernel 2.6.16.17 \n * Linux kernel 2.6.16.18 \n * Linux kernel 2.6.16.19 \n * Linux kernel 2.6.16.2 \n * Linux kernel 2.6.16.20 \n * Linux kernel 2.6.16.21 \n * Linux kernel 2.6.16.22 \n * Linux kernel 2.6.16.24 \n * Linux kernel 2.6.16.25 \n * Linux kernel 2.6.16.26 \n * Linux kernel 2.6.16.27 \n * Linux kernel 2.6.16.28 \n * Linux kernel 2.6.16.29 \n * Linux kernel 2.6.16.3 \n * Linux kernel 2.6.16.30 \n * Linux kernel 2.6.16.31 \n * Linux kernel 2.6.16.32 \n * Linux kernel 2.6.16.33 \n * Linux kernel 2.6.16.34 \n * Linux kernel 2.6.16.35 \n * Linux kernel 2.6.16.36 \n * Linux kernel 2.6.16.37 \n * Linux kernel 2.6.16.38 \n * Linux kernel 2.6.16.39 \n * Linux kernel 2.6.16.4 \n * Linux kernel 
2.6.16.40 \n * Linux kernel 2.6.16.41 \n * Linux kernel 2.6.16.43 \n * Linux kernel 2.6.16.44 \n * Linux kernel 2.6.16.45 \n * Linux kernel 2.6.16.46 \n * Linux kernel 2.6.16.47 \n * Linux kernel 2.6.16.48 \n * Linux kernel 2.6.16.49 \n * Linux kernel 2.6.16.5 \n * Linux kernel 2.6.16.50 \n * Linux kernel 2.6.16.51 \n * Linux kernel 2.6.16.52 \n * Linux kernel 2.6.16.53 \n * Linux kernel 2.6.16.6 \n * Linux kernel 2.6.16.7 \n * Linux kernel 2.6.16.8 \n * Linux kernel 2.6.16.9 \n * Linux kernel 2.6.17 .8 \n * Linux kernel 2.6.17 \n * Linux kernel 2.6.17.1 \n * Linux kernel 2.6.17.10 \n * Linux kernel 2.6.17.11 \n * Linux kernel 2.6.17.12 \n * Linux kernel 2.6.17.13 \n * Linux kernel 2.6.17.14 \n * Linux kernel 2.6.17.2 \n * Linux kernel 2.6.17.3 \n * Linux kernel 2.6.17.4 \n * Linux kernel 2.6.17.5 \n * Linux kernel 2.6.17.6 \n * Linux kernel 2.6.17.7 \n * Linux kernel 2.6.17.9 \n * Linux kernel 2.6.18 .1 \n * Linux kernel 2.6.18 \n * Linux kernel 2.6.18.2 \n * Linux kernel 2.6.18.3 \n * Linux kernel 2.6.18.4 \n * Linux kernel 2.6.18.5 \n * Linux kernel 2.6.18.6 \n * Linux kernel 2.6.18.7 \n * Linux kernel 2.6.18.8 \n * Linux kernel 2.6.19 \n * Linux kernel 2.6.19.1 \n * Linux kernel 2.6.19.2 \n * Linux kernel 2.6.19.3 \n * Linux kernel 2.6.19.4 \n * Linux kernel 2.6.2 \n * Linux kernel 2.6.20 \n * Linux kernel 2.6.20-2 \n * Linux kernel 2.6.20.1 \n * Linux kernel 2.6.20.10 \n * Linux kernel 2.6.20.11 \n * Linux kernel 2.6.20.12 \n * Linux kernel 2.6.20.13 \n * Linux kernel 2.6.20.14 \n * Linux kernel 2.6.20.15 \n * Linux kernel 2.6.20.2 \n * Linux kernel 2.6.20.3 \n * Linux kernel 2.6.20.4 \n * Linux kernel 2.6.20.5 \n * Linux kernel 2.6.20.6 \n * Linux kernel 2.6.20.7 \n * Linux kernel 2.6.20.8 \n * Linux kernel 2.6.20.9 \n * Linux kernel 2.6.21 .1 \n * Linux kernel 2.6.21 4 \n * Linux kernel 2.6.21 \n * Linux kernel 2.6.21.2 \n * Linux kernel 2.6.21.3 \n * Linux kernel 2.6.21.6 \n * Linux kernel 2.6.21.7 \n * Linux kernel 2.6.22 \n * Linux kernel 2.6.22.1 \n * 
Linux kernel 2.6.22.11 \n * Linux kernel 2.6.22.12 \n * Linux kernel 2.6.22.13 \n * Linux kernel 2.6.22.14 \n * Linux kernel 2.6.22.15 \n * Linux kernel 2.6.22.16 \n * Linux kernel 2.6.22.17 \n * Linux kernel 2.6.23.1 \n * Linux kernel 2.6.23.10 \n * Linux kernel 2.6.23.14 \n * Linux kernel 2.6.23.2 \n * Linux kernel 2.6.23.3 \n * Linux kernel 2.6.23.4 \n * Linux kernel 2.6.23.5 \n * Linux kernel 2.6.23.6 \n * Linux kernel 2.6.24 \n * Linux kernel 2.6.24.1 \n * Linux kernel 2.6.24.2 \n * Linux kernel 2.6.25 19 \n * Linux kernel 2.6.25.1 \n * Linux kernel 2.6.25.2 \n * Linux kernel 2.6.25.3 \n * Linux kernel 2.6.25.4 \n * Linux kernel 2.6.25.6 \n * Linux kernel 2.6.25.7 \n * Linux kernel 2.6.25.8 \n * Linux kernel 2.6.25.9 \n * Linux kernel 2.6.26 7 \n * Linux kernel 2.6.26 \n * Linux kernel 2.6.26.3 \n * Linux kernel 2.6.26.4 \n * Linux kernel 2.6.26.5 \n * Linux kernel 2.6.26.6 \n * Linux kernel 2.6.27.12 \n * Linux kernel 2.6.27.13 \n * Linux kernel 2.6.27.14 \n * Linux kernel 2.6.27.24 \n * Linux kernel 2.6.27.46 \n * Linux kernel 2.6.27.8 \n * Linux kernel 2.6.28.1 \n * Linux kernel 2.6.28.2 \n * Linux kernel 2.6.28.3 \n * Linux kernel 2.6.28.4 \n * Linux kernel 2.6.28.5 \n * Linux kernel 2.6.28.6 \n * Linux kernel 2.6.28.8 \n * Linux kernel 2.6.29 \n * Linux kernel 2.6.29.1 \n * Linux kernel 2.6.29.4 \n * Linux kernel 2.6.3 \n * Linux kernel 2.6.30 \n * Linux kernel 2.6.30.1 \n * Linux kernel 2.6.30.10 \n * Linux kernel 2.6.30.3 \n * Linux kernel 2.6.30.4 \n * Linux kernel 2.6.30.5 \n * Linux kernel 2.6.31 \n * Linux kernel 2.6.31.1 \n * Linux kernel 2.6.31.11 \n * Linux kernel 2.6.31.13 \n * Linux kernel 2.6.31.2 \n * Linux kernel 2.6.31.4 \n * Linux kernel 2.6.31.5 \n * Linux kernel 2.6.31.6 \n * Linux kernel 2.6.32 \n * Linux kernel 2.6.32.1 \n * Linux kernel 2.6.32.10 \n * Linux kernel 2.6.32.11 \n * Linux kernel 2.6.32.12 \n * Linux kernel 2.6.32.13 \n * Linux kernel 2.6.32.14 \n * Linux kernel 2.6.32.15 \n * Linux kernel 2.6.32.16 \n * Linux kernel 
2.6.32.17 \n * Linux kernel 2.6.32.18 \n * Linux kernel 2.6.32.2 \n * Linux kernel 2.6.32.22 \n * Linux kernel 2.6.32.28 \n * Linux kernel 2.6.32.3 \n * Linux kernel 2.6.32.4 \n * Linux kernel 2.6.32.5 \n * Linux kernel 2.6.32.6 \n * Linux kernel 2.6.32.60 \n * Linux kernel 2.6.32.61 \n * Linux kernel 2.6.32.62 \n * Linux kernel 2.6.32.7 \n * Linux kernel 2.6.32.8 \n * Linux kernel 2.6.32.9 \n * Linux kernel 3.0.1 \n * Linux kernel 3.0.18 \n * Linux kernel 3.0.2 \n * Linux kernel 3.0.34 \n * Linux kernel 3.0.37 \n * Linux kernel 3.0.4 \n * Linux kernel 3.0.5 \n * Linux kernel 3.0.58 \n * Linux kernel 3.0.59 \n * Linux kernel 3.0.60 \n * Linux kernel 3.0.62 \n * Linux kernel 3.0.65 \n * Linux kernel 3.0.66 \n * Linux kernel 3.0.69 \n * Linux kernel 3.0.72 \n * Linux kernel 3.0.75 \n * Linux kernel 3.0.98 \n * Linux kernel 3.1 \n * Linux kernel 3.1.8 \n * Linux kernel 3.10 \n * Linux kernel 3.10.0 \n * Linux kernel 3.10.10 \n * Linux kernel 3.10.14 \n * Linux kernel 3.10.17 \n * Linux kernel 3.10.20 \n * Linux kernel 3.10.21 \n * Linux kernel 3.10.22 \n * Linux kernel 3.10.23 \n * Linux kernel 3.10.26 \n * Linux kernel 3.10.27 \n * Linux kernel 3.10.30 \n * Linux kernel 3.10.31 \n * Linux kernel 3.10.36 \n * Linux kernel 3.10.37 \n * Linux kernel 3.10.38 \n * Linux kernel 3.10.41 \n * Linux kernel 3.10.43 \n * Linux kernel 3.10.45 \n * Linux kernel 3.10.5 \n * Linux kernel 3.10.7 \n * Linux kernel 3.10.73 \n * Linux kernel 3.10.81 \n * Linux kernel 3.10.9 \n * Linux kernel 3.10.90 \n * Linux kernel 3.11 \n * Linux kernel 3.11.3 \n * Linux kernel 3.11.6 \n * Linux kernel 3.11.9 \n * Linux kernel 3.12 \n * Linux kernel 3.12.1 \n * Linux kernel 3.12.11 \n * Linux kernel 3.12.12 \n * Linux kernel 3.12.14 \n * Linux kernel 3.12.15 \n * Linux kernel 3.12.16 \n * Linux kernel 3.12.17 \n * Linux kernel 3.12.18 \n * Linux kernel 3.12.2 \n * Linux kernel 3.12.21 \n * Linux kernel 3.12.22 \n * Linux kernel 3.12.3 \n * Linux kernel 3.12.4 \n * Linux kernel 3.12.40 \n * Linux 
kernel 3.12.44 \n * Linux kernel 3.12.48 \n * Linux kernel 3.12.49 \n * Linux kernel 3.12.7 \n * Linux kernel 3.13 \n * Linux kernel 3.13.0 \n * Linux kernel 3.13.1 \n * Linux kernel 3.13.11 \n * Linux kernel 3.13.3 \n * Linux kernel 3.13.4 \n * Linux kernel 3.13.5 \n * Linux kernel 3.13.6 \n * Linux kernel 3.13.7 \n * Linux kernel 3.13.9 \n * Linux kernel 3.14 \n * Linux kernel 3.14-1 \n * Linux kernel 3.14-4 \n * Linux kernel 3.14.2 \n * Linux kernel 3.14.3 \n * Linux kernel 3.14.37 \n * Linux kernel 3.14.4 \n * Linux kernel 3.14.45 \n * Linux kernel 3.14.5 \n * Linux kernel 3.14.54 \n * Linux kernel 3.14.7 \n * Linux kernel 3.14.73 \n * Linux kernel 3.14.79 \n * Linux kernel 3.15 \n * Linux kernel 3.15.10 \n * Linux kernel 3.15.2 \n * Linux kernel 3.15.5 \n * Linux kernel 3.16 \n * Linux kernel 3.16.0-28 \n * Linux kernel 3.16.1 \n * Linux kernel 3.16.2 \n * Linux kernel 3.16.36 \n * Linux kernel 3.16.6 \n * Linux kernel 3.16.7 \n * Linux kernel 3.17 \n * Linux kernel 3.17.2 \n * Linux kernel 3.17.4 \n * Linux kernel 3.17.6 \n * Linux kernel 3.18 \n * Linux kernel 3.18.1 \n * Linux kernel 3.18.11 \n * Linux kernel 3.18.17 \n * Linux kernel 3.18.2 \n * Linux kernel 3.18.22 \n * Linux kernel 3.18.3 \n * Linux kernel 3.18.7 \n * Linux kernel 3.18.8 \n * Linux kernel 3.18.9 \n * Linux kernel 3.19 \n * Linux kernel 3.19.3 \n * Linux kernel 3.2 \n * Linux kernel 3.2.1 \n * Linux kernel 3.2.12 \n * Linux kernel 3.2.13 \n * Linux kernel 3.2.2 \n * Linux kernel 3.2.23 \n * Linux kernel 3.2.24 \n * Linux kernel 3.2.38 \n * Linux kernel 3.2.42 \n * Linux kernel 3.2.44 \n * Linux kernel 3.2.50 \n * Linux kernel 3.2.51 \n * Linux kernel 3.2.52 \n * Linux kernel 3.2.53 \n * Linux kernel 3.2.54 \n * Linux kernel 3.2.55 \n * Linux kernel 3.2.56 \n * Linux kernel 3.2.57 \n * Linux kernel 3.2.60 \n * Linux kernel 3.2.62 \n * Linux kernel 3.2.63 \n * Linux kernel 3.2.72 \n * Linux kernel 3.2.78 \n * Linux kernel 3.2.81 \n * Linux kernel 3.2.82 \n * Linux kernel 3.2.9 \n * Linux 
kernel 3.3 \n * Linux kernel 3.3.2 \n * Linux kernel 3.3.4 \n * Linux kernel 3.3.5 \n * Linux kernel 3.4 \n * Linux kernel 3.4.1 \n * Linux kernel 3.4.10 \n * Linux kernel 3.4.11 \n * Linux kernel 3.4.12 \n * Linux kernel 3.4.13 \n * Linux kernel 3.4.14 \n * Linux kernel 3.4.15 \n * Linux kernel 3.4.16 \n * Linux kernel 3.4.17 \n * Linux kernel 3.4.18 \n * Linux kernel 3.4.19 \n * Linux kernel 3.4.2 \n * Linux kernel 3.4.20 \n * Linux kernel 3.4.21 \n * Linux kernel 3.4.25 \n * Linux kernel 3.4.26 \n * Linux kernel 3.4.27 \n * Linux kernel 3.4.29 \n * Linux kernel 3.4.3 \n * Linux kernel 3.4.31 \n * Linux kernel 3.4.32 \n * Linux kernel 3.4.36 \n * Linux kernel 3.4.4 \n * Linux kernel 3.4.42 \n * Linux kernel 3.4.5 \n * Linux kernel 3.4.58 \n * Linux kernel 3.4.6 \n * Linux kernel 3.4.64 \n * Linux kernel 3.4.67 \n * Linux kernel 3.4.7 \n * Linux kernel 3.4.70 \n * Linux kernel 3.4.71 \n * Linux kernel 3.4.72 \n * Linux kernel 3.4.73 \n * Linux kernel 3.4.76 \n * Linux kernel 3.4.8 \n * Linux kernel 3.4.80 \n * Linux kernel 3.4.81 \n * Linux kernel 3.4.86 \n * Linux kernel 3.4.87 \n * Linux kernel 3.4.88 \n * Linux kernel 3.4.9 \n * Linux kernel 3.4.93 \n * Linux kernel 3.5 \n * Linux kernel 3.5.1 \n * Linux kernel 3.5.2 \n * Linux kernel 3.5.3 \n * Linux kernel 3.5.4 \n * Linux kernel 3.5.5 \n * Linux kernel 3.5.6 \n * Linux kernel 3.5.7 \n * Linux kernel 3.6 \n * Linux kernel 3.6.1 \n * Linux kernel 3.6.10 \n * Linux kernel 3.6.11 \n * Linux kernel 3.6.2 \n * Linux kernel 3.6.3 \n * Linux kernel 3.6.4 \n * Linux kernel 3.6.5 \n * Linux kernel 3.6.6 \n * Linux kernel 3.6.7 \n * Linux kernel 3.6.8 \n * Linux kernel 3.6.9 \n * Linux kernel 3.7 \n * Linux kernel 3.7.1 \n * Linux kernel 3.7.10 \n * Linux kernel 3.7.2 \n * Linux kernel 3.7.3 \n * Linux kernel 3.7.4 \n * Linux kernel 3.7.5 \n * Linux kernel 3.7.6 \n * Linux kernel 3.7.7 \n * Linux kernel 3.7.8 \n * Linux kernel 3.7.9 \n * Linux kernel 3.8 \n * Linux kernel 3.8.1 \n * Linux kernel 3.8.2 \n * Linux kernel 
3.8.4 \n * Linux kernel 3.8.5 \n * Linux kernel 3.8.6 \n * Linux kernel 3.8.9 \n * Linux kernel 3.9 \n * Linux kernel 3.9.4 \n * Linux kernel 3.9.8 \n * Linux kernel 4.0 \n * Linux kernel 4.0.5 \n * Linux kernel 4.0.6 \n * Linux kernel 4.1 \n * Linux kernel 4.1.1 \n * Linux kernel 4.1.15 \n * Linux kernel 4.1.4 \n * Linux kernel 4.10.0 \n * Linux kernel 4.10.1 \n * Linux kernel 4.10.10 \n * Linux kernel 4.10.11 \n * Linux kernel 4.10.12 \n * Linux kernel 4.10.13 \n * Linux kernel 4.10.2 \n * Linux kernel 4.10.3 \n * Linux kernel 4.10.4 \n * Linux kernel 4.15 \n * Linux kernel 4.15.11 \n * Linux kernel 4.15.14 \n * Linux kernel 4.15.16 \n * Linux kernel 4.15.4 \n * Linux kernel 4.15.7 \n * Linux kernel 4.15.8 \n * Linux kernel 4.15.9 \n * Linux kernel 4.16 \n * Linux kernel 4.16.11 \n * Linux kernel 4.16.3 \n * Linux kernel 4.16.6 \n * Linux kernel 4.16.9 \n * Linux kernel 4.17 \n * Linux kernel 4.17.1 \n * Linux kernel 4.17.10 \n * Linux kernel 4.17.11 \n * Linux kernel 4.17.2 \n * Linux kernel 4.17.3 \n * Linux kernel 4.17.4 \n * Linux kernel 4.17.7 \n * Linux kernel 4.18 \n * Linux kernel 4.18.1 \n * Linux kernel 4.18.11 \n * Linux kernel 4.18.12 \n * Linux kernel 4.18.16 \n * Linux kernel 4.18.5 \n * Linux kernel 4.18.6 \n * Linux kernel 4.18.9 \n * Linux kernel 4.19 \n * Linux kernel 4.19.13 \n * Linux kernel 4.19.2 \n * Linux kernel 4.19.3 \n * Linux kernel 4.19.6 \n * Linux kernel 4.19.8 \n * Linux kernel 4.2 \n * Linux kernel 4.2.3 \n * Linux kernel 4.2.8 \n * Linux kernel 4.3.3 \n * Oracle Communications Session Border Controller 7.4.0 \n * Oracle Communications Session Border Controller 8.0.0 \n * Oracle Communications Session Border Controller 8.1.0 \n * Oracle Communications Session Border Controller 8.2.0 \n * Oracle Communications Session Border Controller 8.3.0 \n * Oracle Communications Session Router 7.4 \n * Oracle Communications Session Router 8.0 \n * Oracle Communications Session Router 8.1 \n * Oracle Communications Session Router 8.2 \n * 
Oracle Communications Subscriber-Aware Load Balancer 7.3 \n * Oracle Communications Subscriber-Aware Load Balancer 8.1 \n * Oracle Communications Subscriber-Aware Load Balancer 8.3 \n * Oracle Enterprise Communications Broker PCz3.0 \n * Oracle Enterprise Communications Broker PCz3.1 \n * Oracle Enterprise Communications Broker PCz3.2 \n * Oracle Enterprise Session Border Controller 7.5.0 \n * Oracle Enterprise Session Border Controller 8.0.0 \n * Oracle Enterprise Session Border Controller 8.1.0 \n * Oracle Enterprise Session Border Controller 8.2.0 \n * Oracle Enterprise Session Border Controller 8.3.0 \n * Pulse Secure Pulse Connect Secure \n * Pulse Secure Pulse Policy Secure \n * Pulse Secure Pulse Secure vADC \n * Redhat CodeReady Linux Builder for ARM 64 8 \n * Redhat CodeReady Linux Builder for Power little endian 8 \n * Redhat CodeReady Linux Builder for x86_64 8 \n * Redhat Enterprise Linux 6 \n * Redhat Enterprise Linux 7 \n * Redhat Enterprise Linux 8 \n * Redhat Enterprise Linux Atomic Host \n * Redhat Enterprise Linux Desktop 6 \n * Redhat Enterprise Linux Desktop 7 \n * Redhat Enterprise Linux EUS Compute Node 7.4 \n * Redhat Enterprise Linux EUS Compute Node 7.5 \n * Redhat Enterprise Linux EUS Compute Node 7.6 \n * Redhat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.3 \n * Redhat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.4 \n * Redhat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6 \n * Redhat Enterprise Linux Server - AUS 6.5 \n * Redhat Enterprise Linux Server - AUS 6.6 \n * Redhat Enterprise Linux Server - AUS 7.2 \n * Redhat Enterprise Linux Server - AUS 7.3 \n * Redhat Enterprise Linux Server - AUS 7.4 \n * Redhat Enterprise Linux Server - AUS 7.6 \n * Redhat Enterprise Linux Server - Extended Update Support 7.4 \n * Redhat Enterprise Linux Server - Extended Update Support 7.5 \n * Redhat Enterprise Linux Server - Extended Update 
Support 7.6 \n * Redhat Enterprise Linux Server - TUS 7.2 \n * Redhat Enterprise Linux Server - TUS 7.3 \n * Redhat Enterprise Linux Server - TUS 7.4 \n * Redhat Enterprise Linux Server - TUS 7.6 \n * Redhat Enterprise Linux Server - Update Services for SAP Solutions 7.2 \n * Redhat Enterprise Linux Server - Update Services for SAP Solutions 7.3 \n * Redhat Enterprise Linux Server - Update Services for SAP Solutions 7.4 \n * Redhat Enterprise Linux Server - Update Services for SAP Solutions 7.6 \n * Redhat Enterprise Linux Server 6 \n * Redhat Enterprise Linux Server 7 \n * Redhat Enterprise Linux Workstation 6 \n * Redhat Enterprise Linux Workstation 7 \n * Redhat Enterprise Linux for ARM 64 8 \n * Redhat Enterprise Linux for IBM z Systems - Extended Update Support 7.4 \n * Redhat Enterprise Linux for IBM z Systems - Extended Update Support 7.5 \n * Redhat Enterprise Linux for IBM z Systems - Extended Update Support 7.6 \n * Redhat Enterprise Linux for IBM z Systems 6 \n * Redhat Enterprise Linux for IBM z Systems 7 \n * Redhat Enterprise Linux for IBM z Systems 8 \n * Redhat Enterprise Linux for Power little endian 8 \n * Redhat Enterprise Linux for Power, big endian - Extended Update Support 7.4 \n * Redhat Enterprise Linux for Power, big endian - Extended Update Support 7.5 \n * Redhat Enterprise Linux for Power, big endian - Extended Update Support 7.6 \n * Redhat Enterprise Linux for Power, big endian 6 \n * Redhat Enterprise Linux for Power, big endian 7 \n * Redhat Enterprise Linux for Power, little endian - Extended Update Supp 7.4 \n * Redhat Enterprise Linux for Power, little endian - Extended Update Supp 7.5 \n * Redhat Enterprise Linux for Power, little endian - Extended Update Supp 7.6 \n * Redhat Enterprise Linux for Power, little endian 7 \n * Redhat Enterprise Linux for Real Time 7 \n * Redhat Enterprise Linux for Real Time 8 \n * Redhat Enterprise Linux for Real Time for NFV 7 \n * Redhat Enterprise Linux for Real Time for NFV 8 \n * Redhat 
Enterprise Linux for Scientific Computing 6 \n * Redhat Enterprise Linux for Scientific Computing 7 \n * Redhat Enterprise Linux for x86_64 8 \n * Redhat Enterprise Mrg 2 \n * Redhat MRG Realtime 2 \n * Redhat OpenShift Container Platform 4.0 \n * Redhat OpenShift Container Platform 4.1 \n * Redhat OpenShift Dedicated \n * Redhat OpenShift Online \n * Redhat Virtualization 4 \n * Redhat Virtualization Host - Extended Update Support 4.2 \n * Redhat Virtualization Host 4 \n * Symantec Advanced Secure Gateway 6.7 \n * Symantec Advanced Secure Gateway 7.1 \n * Symantec Content Analysis 2.3 \n * Symantec Content Analysis 2.4 \n * Symantec Management Center 2.2 \n * Symantec Management Center 2.3 \n * Symantec Reporter 10.3 \n * Symantec Reporter 10.4 \n * Symantec Security Analytics 7.2 \n * Symantec Security Analytics 7.3 \n * Symantec Security Analytics 8.0 \n * Symantec Web Isolation 1.12 \n * VMWare AppDefense \n * VMWare Container Service Extension \n * VMWare Enterprise PKS \n * VMWare Horizon \n * VMWare Horizon DaaS \n * VMWare Hybrid Cloud Extension \n * VMWare Identity Manager \n * VMWare Integrated OpenStack \n * VMWare NSX for vSphere \n * VMWare NSX-T Data Center \n * VMWare Pulse Console \n * VMWare SD-WAN Edge by VeloCloud \n * VMWare SD-WAN Gateway by VeloCloud \n * VMWare SD-WAN Orchestrator by VeloCloud \n * VMWare Skyline Collector \n * VMWare Unified Access Gateway \n * VMWare vCenter Server Appliance 6.0 \n * VMWare vCenter Server Appliance 6.5 \n * VMWare vCenter Server Appliance 6.7 \n * VMWare vCloud Availability Appliance \n * VMWare vCloud Director For Service Providers \n * VMWare vCloud Usage Meter \n * VMWare vRealize Automation \n * VMWare vRealize Business for Cloud \n * VMWare vRealize Code Stream \n * VMWare vRealize Log Insight \n * VMWare vRealize Network Insight \n * VMWare vRealize Operations Manager \n * VMWare vRealize Orchestrator Appliance \n * VMWare vRealize Suite Lifecycle Manager \n * VMWare vSphere Data Protection \n * 
VMWare vSphere Integrated Containers \n * VMWare vSphere Replication \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nFilter access to the affected computer at the network boundary if global access isn't needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo limit the potential damage that successful exploits may achieve, run all nonadministrative software as an unprivileged user.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This may indicate exploit attempts or activity that results from successful exploits.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2019-06-17T00:00:00", "published": "2019-06-17T00:00:00", "id": "SMNTC-108801", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/108801", "type": "symantec", "title": "Linux Kernel CVE-2019-11477 Integer Overflow Vulnerability", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-02-18T20:48:00", "bulletinFamily": "software", "cvelist": ["CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11815"], "description": "### SUMMARY\n\nSymantec Network Protection products using affected versions of the Linux kernel are susceptible to multiple vulnerabilities. A remote attacker can cause denial of service through resource exhaustion and memory corruption. 
A local attacker can escalate their privileges on the system.\n\n \n\n### AFFECTED PRODUCTS \n\nContent Analysis (CA) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2019-11477, CVE-2019-11478, \nCVE-2019-11479 | 2.3 | Upgrade to a later version with fixes. \n2.4, 3.0 | Not available at this time \n3.1 | Not vulnerable, fixed in 3.1.0.0. \n \n \n\nDirector \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2019-11478, CVE-2019-11479 | 6.1 | Upgrade to a version of MC with the fixes. \n \n \n\nMail Threat Defense (MTD) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2019-11477, CVE-2019-11478, \nCVE-2019-11479 | 1.1 | Upgrade to a version of CAS and SMG with the fixes. \n \n \n\nMalware Analysis (MA) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2019-11477, CVE-2019-11478, \nCVE-2019-11479 | 4.2 | Upgrade to a version of Content Analysis with fixes. \n \n \n\nManagement Center (MC) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2019-11477, CVE-2019-11478, \nCVE-2019-11479 | 2.4 and earlier | Upgrade to a later version with fixes. \n3.0 | Not vulnerable, fixed in 3.0.1.1 \n \n \n\nPacketShaper (PS) S-Series \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2019-11477, CVE-2019-11478, \nCVE-2019-11479 | 11.6, 11.9, 11.10 | A fix will not be provided. Allot Secure Services Gateway (SSG) is a replacement product for PS S-Series. Switch to a version of SSG with the vulnerability fixes. \n \n \n\nPolicyCenter (PC) S-Series \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2019-11477, CVE-2019-11478, \nCVE-2019-11479 | 1.1 | A fix will not be provided. Allot NetXplorer is a replacement product for PC S-Series. Switch to a version of NetXplorer with the vulnerability fixes. 
\n \n \n\nReporter \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2019-11477, CVE-2019-11478, \nCVE-2019-11479 | 10.3, 10.4 | Upgrade to later version with fixes. \n10.5 | Not vulnerable, fixed \n \n \n\nSecurity Analytics (SA) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2019-11477, CVE-2019-11478, \nCVE-2019-11479 | 7.2 | Not available at this time \n7.3, 8.0 | Upgrade to later version with fixes. \n8.1 | Not vulnerable, fixed. \n \n \n\nSSL Visibility (SSLV) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2019-11477, CVE-2019-11478, \nCVE-2019-11479 | 3.10 | Upgrade to later version with fixes. \n3.12 | Upgrade to later version with fixes. \n4.4 | Upgrade to later version with fixes. \n4.5 | Not available at this time \n5.0 | Not available at this time \n \n \n\nWeb Isolation (WI) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2019-11477, CVE-2019-11478, \nCVE-2019-11479 | 1.12 | Upgrade to 1.12.21+433. \n1.13 and later | Not vulnerable, fixed. \n \n \n\nX-Series XOS \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2019-11477 | 10.0 | Not vulnerable \n11.0 | A fix will not be provided. \nCVE-2019-11478, CVE-2019-11479, \nCVE-2019-11815 | 10.0, 11.0 | A fix will not be provided. 
\n \n \n\n### ADDITIONAL PRODUCT INFORMATION\n\nThe following products are not vulnerable: \n**Advanced Secure Gateway \nAuthConnector \nBCAAA \nCacheFlow (CF) \nCloud Data Protection (CDP) for Salesforce \nCloud Data Protection (CDP) for ServiceNow \nCloud Data Protection (CDP) for Oracle CRM on Demand \nCloud Data Protection (CDP) Communication Server \nCloud Data Protection (CDP) Integration Server \nGeneral Auth Connector Login Application \nPacketShaper (PS) \nPolicyCenter (PC) \nProxyAV \nProxyAV ConLog and ConLogXP \nProxySG \nSymantec HSM Agent for the Luna SP \nUnified Agent (UA) \nWSS Agent (WSSA) \nWSS Mobile Agent**\n\n \n\n### ISSUES \n\nCVE-2019-11815 \n--- \n**Severity / CVSSv3** | High / 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n**References** | SecurityFocus: [BID 108283](<https://www.securityfocus.com/bid/108283>) / NVD: [CVE-2019-11815](<https://nvd.nist.gov/vuln/detail/CVE-2019-11815>) \n**Impact** | Denial of service, privilege escalation \n**Description** | A use-after-free flaw in the RDS over TCP implementation allows a remote attacker to corrupt the target's memory or a local attacker to escalate their privileges on the system. \n \n \n\nCVE-2019-11477 \n--- \n**Severity / CVSSv3** | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n**References** | SecurityFocus: [BID 108801](<https://www.securityfocus.com/bid/108801>) / NVD: [CVE-2019-11477](<https://nvd.nist.gov/vuln/detail/CVE-2019-11477>) \n**Impact** | Denial of service \n**Description** | An integer overflow flaw in TCP SACK processing allows a remote attacker to send crafted SACK segments on a TCP connection and cause denial of service through memory corruption. 
\n \n \n\nCVE-2019-11478 \n--- \n**Severity / CVSSv3** | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n**References** | SecurityFocus: [BID 108798](<https://www.securityfocus.com/bid/108798>) / NVD: [CVE-2019-11478](<https://nvd.nist.gov/vuln/detail/CVE-2019-11478>) \n**Impact** | Denial of service \n**Description** | An excessive resource consumption flaw in TCP SACK processing allows a remote attacker to send crafted SACK segments on a TCP connection and cause denial of service. \n \n \n\nCVE-2019-11479 \n--- \n**Severity / CVSSv3** | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n**References** | SecurityFocus: [BID 108818](<https://www.securityfocus.com/bid/108818>) / NVD: [CVE-2019-11479](<https://nvd.nist.gov/vuln/detail/CVE-2019-11479>) \n**Impact** | Denial of service \n**Description** | An excessive resource consumption flaw in TCP processing allows a remote attacker to send network traffic with low MSS on a TCP connection and cause denial of service. \n \n \n\n### REFERENCES\n\n[NFLX-2019-001] Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service vulnerabilities - <https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md>\n\n \n\n### REVISION \n\n2021-02-18 A fix for CA 2.3 and MC 2.4 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2021-01-12 A fix for SSLV 3.10 and SSLV 3.12 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2020-11-19 A fix for MTD 1.1 will not be provided. Please upgrade to a version of CAS and SMG with the vulnerability fixes. A fix for SA 7.3 and 8.0 will not be provided. Please upgrade to a later version with the vulnerability fixes. A fix for XOS 9.7, 10.0, and 11.0 will not be provided. A fix for Director 6.1 will not be provided. Please upgrade to a version of MC with the vulnerability fixes. A fix for Reporter 10.4 will not be provided. 
Please upgrade to a later version with the vulnerability fixes. \n2020-11-12 Content Analysis 3.1 is not vulnerable because a fix is available in 3.1.0.0. \n2020-08-19 MC 3.0 is not vulnerable because a fix is available in 3.0.1.1. A fix for MC 2.3 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2020-04-05 Content Analysis 3.0 and Management Center 2.4 are vulnerable to CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479. A fix will not be provided for Management Center 2.2, Reporter 10.3, and SSL Visibility 4.4. Please upgrade to a later version with the vulnerability fixes. Reporter 10.5 is not vulnerable because a fix is available in 10.5.1.1. Security Analytics 8.1 is not vulnerable because a fix is available in 8.1.1. X-Series XOS 10.0 and 11.0 are vulnerable to CVE-2019-11815. \n2020-04-04 A fix for PacketShaper S-Series will not be provided. Allot Secure Services Gateway (SSG) is a replacement product for PacketShaper S-Series. Switch to a version of SSG with the vulnerability fixes. A fix for PolicyCenter S-Series will not be provided. Allot NetXplorer is a replacement product for PolicyCenter S-Series. Switch to a version of NetXplorer with the vulnerability fixes. \n2020-01-26 MC 2.4 is vulnerable to CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479. \n2020-01-19 A fix for Malware Analysis will not be provided. Please upgrade to a version of Content Analysis with the vulnerability fixes. \n2019-10-07 WI 1.13 is not vulnerable. \n2019-09-26 Advanced Secure Gateway (ASG) is not vulnerable. 
\n2019-09-05 initial public release\n", "modified": "2021-02-18T19:00:49", "published": "2019-09-05T08:00:00", "id": "SMNTC-1492", "href": "", "type": "symantec", "title": "Linux Kernel Vulnerabilities May-June 2019", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:45", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS). 
(CVE-2019-11477)\n\n* Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service (CVE-2019-11478)\n\n* Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service (CVE-2019-11479)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-06-17T22:01:49", "published": "2019-06-17T21:31:05", "id": "RHSA-2019:1481", "href": "https://access.redhat.com/errata/RHSA-2019:1481", "type": "redhat", "title": "(RHSA-2019:1481) Important: kernel security update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:45:39", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479"], "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS). 
(CVE-2019-11477)\n\n* Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service (CVE-2019-11478)\n\n* Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service (CVE-2019-11479)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-06-17T23:53:10", "published": "2019-06-17T23:45:06", "id": "RHSA-2019:1486", "href": "https://access.redhat.com/errata/RHSA-2019:1486", "type": "redhat", "title": "(RHSA-2019:1486) Important: kernel-rt security update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:46:08", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS). 
(CVE-2019-11477)\n\n* Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service (CVE-2019-11478)\n\n* Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service (CVE-2019-11479)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-06-17T22:52:54", "published": "2019-06-17T22:34:01", "id": "RHSA-2019:1482", "href": "https://access.redhat.com/errata/RHSA-2019:1482", "type": "redhat", "title": "(RHSA-2019:1482) Important: kernel security update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:45:09", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479"], "description": "The kernel-alt packages provide the Linux kernel version 4.x.\n\nSecurity Fix(es):\n\n* An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS). 
(CVE-2019-11477)\n\n* Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service (CVE-2019-11478)\n\n* kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service (CVE-2019-11479)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-06-25T20:52:22", "published": "2019-06-25T20:27:31", "id": "RHSA-2019:1602", "href": "https://access.redhat.com/errata/RHSA-2019:1602", "type": "redhat", "title": "(RHSA-2019:1602) Important: kernel-alt security update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:46:48", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS). 
(CVE-2019-11477)\n\n* Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service (CVE-2019-11478)\n\n* Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service (CVE-2019-11479)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* THP: Race between MADV_DONTNEED and NUMA hinting node migration code (BZ#1698104)\n\n* [RHEL7] md_clear flag missing from /proc/cpuinfo on late microcode update (BZ#1712990)\n\n* [RHEL7] MDS mitigations are not enabled after double microcode update (BZ#1712995)\n\n* WARNING: CPU: 0 PID: 0 at kernel/jump_label.c:90 __static_key_slow_dec+0xa6/0xb0 (BZ#1713001)", "modified": "2019-06-17T23:28:20", "published": "2019-06-17T23:12:10", "id": "RHSA-2019:1484", "href": "https://access.redhat.com/errata/RHSA-2019:1484", "type": "redhat", "title": "(RHSA-2019:1484) Important: kernel security and bug fix update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:45:22", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479"], "description": "The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. 
RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.\n\nSecurity Fix(es):\n\n* Kernel: tcp: integer overflow while processing SACK blocks allows remote denial of service (CVE-2019-11477)\n\n* Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service (CVE-2019-11478)\n\n* kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service (CVE-2019-11479)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-06-25T12:55:17", "published": "2019-06-25T12:48:48", "id": "RHSA-2019:1594", "href": "https://access.redhat.com/errata/RHSA-2019:1594", "type": "redhat", "title": "(RHSA-2019:1594) Important: redhat-virtualization-host security update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:45:22", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS). 
(CVE-2019-11477)\n\n* Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service (CVE-2019-11478)\n\n* Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service (CVE-2019-11479)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* THP: Race between MADV_DONTNEED and NUMA hinting node migration code (BZ#1698103)\n\n* [RHEL7] md_clear flag missing from /proc/cpuinfo on late microcode update (BZ#1712989)\n\n* [RHEL7] MDS mitigations are not enabled after double microcode update (BZ#1712994)\n\n* WARNING: CPU: 0 PID: 0 at kernel/jump_label.c:90 __static_key_slow_dec+0xa6/0xb0 (BZ#1713000)", "modified": "2019-06-17T23:24:40", "published": "2019-06-17T23:12:21", "id": "RHSA-2019:1485", "href": "https://access.redhat.com/errata/RHSA-2019:1485", "type": "redhat", "title": "(RHSA-2019:1485) Important: kernel security and bug fix update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:46:24", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-9213"], "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. 
A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS). (CVE-2019-11477)\n\n* kernel: lack of check for mmap minimum address in expand_downwards in mm/mmap.c leads to NULL pointer dereferences exploit on non-SMAP platforms (CVE-2019-9213)\n\n* Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service (CVE-2019-11478)\n\n* Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service (CVE-2019-11479)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* kernel-rt: update to the RHEL8.0.z batch#1 source tree (BZ#1704955)", "modified": "2019-06-17T23:52:37", "published": "2019-06-17T23:45:02", "id": "RHSA-2019:1480", "href": "https://access.redhat.com/errata/RHSA-2019:1480", "type": "redhat", "title": "(RHSA-2019:1480) Important: kernel-rt security and bug fix update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:46:49", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-3896"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. 
A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS). (CVE-2019-11477)\n\n* kernel: Double free in lib/idr.c (CVE-2019-3896)\n\n* Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service (CVE-2019-11478)\n\n* Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service (CVE-2019-11479)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* MDS mitigations not enabled on Intel Skylake CPUs (BZ#1710081)\n\n* RHEL6 kernel does not disable SMT with mds=full,nosmt (BZ#1710121)\n\n* [RHEL6] md_clear flag missing from /proc/cpuinfo (BZ#1710517)", "modified": "2019-06-17T21:59:52", "published": "2019-06-17T21:31:37", "id": "RHSA-2019:1488", "href": "https://access.redhat.com/errata/RHSA-2019:1488", "type": "redhat", "title": "(RHSA-2019:1488) Important: kernel security and bug fix update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:46:03", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-9213"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. 
To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS). (CVE-2019-11477)\n\n* kernel: lack of check for mmap minimum address in expand_downwards in mm/mmap.c leads to NULL pointer dereferences exploit on non-SMAP platforms (CVE-2019-9213)\n\n* Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service (CVE-2019-11478)\n\n* Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service (CVE-2019-11479)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* [HPE 8.0 Bug] nvme drive power button does not turn off drive (BZ#1700288)\n\n* RHEL8.0 - hw csum failure seen in dmesg and console (using mlx5/mlx4/Mellanox) (BZ#1700289)\n\n* RHEL8.0 - vfio-ap: add subsystem to matrix device to avoid libudev failures (kvm) (BZ#1700290)\n\n* [FJ8.1 Bug]: Make Fujitsu Erratum 010001 patch work on A64FX v1r0 (BZ#1700901)\n\n* [FJ8.0 Bug]: Fujitsu A64FX processor errata - panic by unknown fault (BZ#1700902)\n\n* RHEL 8.0 Snapshot 4 - nvme create-ns command hangs after creating 20 namespaces on Bolt (NVMe) (BZ#1701140)\n\n* [Cavium/Marvell 8.0 qed] Fix qed_mcp_halt() and qed_mcp_resume() (backporting bug) (BZ#1704184)\n\n* [Intel 8.1 Bug] PBF: Base frequency display fix (BZ#1706739)\n\n* [RHEL8]read/write operation not permitted to /sys/kernel/debug/gcov/reset (BZ#1708100)\n\n* RHEL8.0 - ISST-LTE:pVM:fleetwood:LPM:raylp85:After lpm seeing the console logs on the the lpar at target side (BZ#1708102)\n\n* RHEL8.0 - Backport support for 
software count cache flush Spectre v2 mitigation (BZ#1708112)\n\n* [Regression] RHEL8.0 - System crashed with one stress-ng-mremap stressor on Boston (kvm host) (BZ#1708617)\n\n* [intel ice Rhel 8 RC1] ethtool -A ethx causes interfaces to go down (BZ#1709433)", "modified": "2019-06-17T21:53:30", "published": "2019-06-17T21:30:08", "id": "RHSA-2019:1479", "href": "https://access.redhat.com/errata/RHSA-2019:1479", "type": "redhat", "title": "(RHSA-2019:1479) Important: kernel security and bug fix update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:40", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479"], "description": "Arch Linux Security Advisory ASA-201906-14\n==========================================\n\nSeverity: High\nDate : 2019-06-18\nCVE-ID : CVE-2019-11477 CVE-2019-11478 CVE-2019-11479\nPackage : linux-lts\nType : denial of service\nRemote : Yes\nLink : https://security.archlinux.org/AVG-984\n\nSummary\n=======\n\nThe package linux-lts before version 4.19.52-1 is vulnerable to denial\nof service.\n\nResolution\n==========\n\nUpgrade to 4.19.52-1.\n\n# pacman -Syu \"linux-lts>=4.19.52-1\"\n\nThe problems have been fixed upstream in version 4.19.52.\n\nWorkaround\n==========\n\n- CVE-2019-11477 and CVE-2019-11478\n\n $ sudo sysctl -w net.ipv4.tcp_sack=0\n\nThe mitigation described below for CVE-2019-11479 is also sufficient\nfor CVE-2019-11477 and CVE-2019-11478 if disabling TCP SACK support is\nnot viable.\n\n- CVE-2019-11479\n\n $ sudo iptables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP\n\nThe net.ipv4.tcp_mtu_probing sysctl must be disabled (set to 0) when\nusing the iptables rules shown above.\n\nDescription\n===========\n\n- CVE-2019-11477 (denial of service)\n\nAn integer overflow has been discovered in the Linux kernel when\nhandling TCP Selective Acknowledgments (SACKs). 
A sequence of SACKs may\nbe crafted such that one can trigger a kernel panic. A remote attacker\ncould use this to cause a denial of service (system crash).\n\n- CVE-2019-11478 (denial of service)\n\nAn excessive resource consumption flaw was found in the way the Linux\nkernel's networking subsystem processed TCP Selective Acknowledgment\n(SACK) segments. While processing SACK segments, the Linux kernel's\nsocket buffer (SKB) data structure becomes fragmented, which leads to\nincreased resource utilization to traverse and process these fragments\nas further SACK segments are received on the same TCP connection. A\nremote attacker could use this flaw to cause a denial of service (DoS)\nby sending a crafted sequence of SACK segments on a TCP connection.\n\n- CVE-2019-11479 (denial of service)\n\nAn excessive resource consumption flaw was found in the way the Linux\nkernel's networking subsystem processed TCP segments. If the Maximum\nSegment Size (MSS) of a TCP connection was set to low values, such as\n48 bytes, it can leave as little as 8 bytes for the user data, which\nsignificantly increases the Linux kernel's resource (CPU, Memory, and\nBandwidth) utilization. 
A remote attacker could use this flaw to cause\na denial of service (DoS) by repeatedly sending network traffic on a\nTCP connection with low TCP MSS.\n\nImpact\n======\n\nA remote attacker is able to crash the system by sending specially\ncrafted TCP packets.\n\nReferences\n==========\n\nhttps://www.openwall.com/lists/oss-security/2019/06/17/5\nhttps://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6\nhttps://security.archlinux.org/CVE-2019-11477\nhttps://security.archlinux.org/CVE-2019-11478\nhttps://security.archlinux.org/CVE-2019-11479", "modified": "2019-06-18T00:00:00", "published": "2019-06-18T00:00:00", "id": "ASA-201906-14", "href": "https://security.archlinux.org/ASA-201906-14", "type": "archlinux", "title": "[ASA-201906-14] linux-lts: denial of service", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-09-22T18:36:40", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479"], "description": "Arch Linux Security Advisory ASA-201906-13\n==========================================\n\nSeverity: High\nDate : 2019-06-18\nCVE-ID : CVE-2019-11477 CVE-2019-11478 CVE-2019-11479\nPackage : linux\nType : denial of service\nRemote : Yes\nLink : https://security.archlinux.org/AVG-983\n\nSummary\n=======\n\nThe package linux before version 5.1.11.arch1-1 is vulnerable to denial\nof service.\n\nResolution\n==========\n\nUpgrade to 5.1.11.arch1-1.\n\n# pacman -Syu \"linux>=5.1.11.arch1-1\"\n\nThe 
problems have been fixed upstream in version 5.1.11.arch1.\n\nWorkaround\n==========\n\n- CVE-2019-11477 and CVE-2019-11478\n\n $ sudo sysctl -w net.ipv4.tcp_sack=0\n\nThe mitigation described below for CVE-2019-11479 is also sufficient\nfor CVE-2019-11477 and CVE-2019-11478 if disabling TCP SACK support is\nnot viable.\n\n- CVE-2019-11479\n\n $ sudo iptables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP\n\nThe net.ipv4.tcp_mtu_probing sysctl must be disabled (set to 0) when\nusing the iptables rules shown above.\n\nDescription\n===========\n\n- CVE-2019-11477 (denial of service)\n\nAn integer overflow has been discovered in the Linux kernel when\nhandling TCP Selective Acknowledgments (SACKs). A sequence of SACKs may\nbe crafted such that one can trigger a kernel panic. A remote attacker\ncould use this to cause a denial of service (system crash).\n\n- CVE-2019-11478 (denial of service)\n\nAn excessive resource consumption flaw was found in the way the Linux\nkernel's networking subsystem processed TCP Selective Acknowledgment\n(SACK) segments. While processing SACK segments, the Linux kernel's\nsocket buffer (SKB) data structure becomes fragmented, which leads to\nincreased resource utilization to traverse and process these fragments\nas further SACK segments are received on the same TCP connection. A\nremote attacker could use this flaw to cause a denial of service (DoS)\nby sending a crafted sequence of SACK segments on a TCP connection.\n\n- CVE-2019-11479 (denial of service)\n\nAn excessive resource consumption flaw was found in the way the Linux\nkernel's networking subsystem processed TCP segments. If the Maximum\nSegment Size (MSS) of a TCP connection was set to low values, such as\n48 bytes, it can leave as little as 8 bytes for the user data, which\nsignificantly increases the Linux kernel's resource (CPU, Memory, and\nBandwidth) utilization. 
A remote attacker could use this flaw to cause\na denial of service (DoS) by repeatedly sending network traffic on a\nTCP connection with low TCP MSS.\n\nImpact\n======\n\nA remote attacker is able to crash the system by sending specially\ncrafted TCP packets.\n\nReferences\n==========\n\nhttps://www.openwall.com/lists/oss-security/2019/06/17/5\nhttps://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6\nhttps://security.archlinux.org/CVE-2019-11477\nhttps://security.archlinux.org/CVE-2019-11478\nhttps://security.archlinux.org/CVE-2019-11479", "modified": "2019-06-18T00:00:00", "published": "2019-06-18T00:00:00", "id": "ASA-201906-13", "href": "https://security.archlinux.org/ASA-201906-13", "type": "archlinux", "title": "[ASA-201906-13] linux: denial of service", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-09-22T18:36:40", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479"], "description": "Arch Linux Security Advisory ASA-201906-15\n==========================================\n\nSeverity: High\nDate : 2019-06-18\nCVE-ID : CVE-2019-11477 CVE-2019-11478 CVE-2019-11479\nPackage : linux-zen\nType : denial of service\nRemote : Yes\nLink : https://security.archlinux.org/AVG-985\n\nSummary\n=======\n\nThe package linux-zen before version 5.1.11.zen1-1 is vulnerable to\ndenial of service.\n\nResolution\n==========\n\nUpgrade to 5.1.11.zen1-1.\n\n# pacman -Syu 
\"linux-zen>=5.1.11.zen1-1\"\n\nThe problems have been fixed upstream in version 5.1.11.zen1.\n\nWorkaround\n==========\n\n- CVE-2019-11477 and CVE-2019-11478\n\n $ sudo sysctl -w net.ipv4.tcp_sack=0\n\nThe mitigation described below for CVE-2019-11479 is also sufficient\nfor CVE-2019-11477 and CVE-2019-11478 if disabling TCP SACK support is\nnot viable.\n\n- CVE-2019-11479\n\n $ sudo iptables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP\n\nThe net.ipv4.tcp_mtu_probing sysctl must be disabled (set to 0) when\nusing the iptables rules shown above.\n\nDescription\n===========\n\n- CVE-2019-11477 (denial of service)\n\nAn integer overflow has been discovered in the Linux kernel when\nhandling TCP Selective Acknowledgments (SACKs). A sequence of SACKs may\nbe crafted such that one can trigger a kernel panic. A remote attacker\ncould use this to cause a denial of service (system crash).\n\n- CVE-2019-11478 (denial of service)\n\nAn excessive resource consumption flaw was found in the way the Linux\nkernel's networking subsystem processed TCP Selective Acknowledgment\n(SACK) segments. While processing SACK segments, the Linux kernel's\nsocket buffer (SKB) data structure becomes fragmented, which leads to\nincreased resource utilization to traverse and process these fragments\nas further SACK segments are received on the same TCP connection. A\nremote attacker could use this flaw to cause a denial of service (DoS)\nby sending a crafted sequence of SACK segments on a TCP connection.\n\n- CVE-2019-11479 (denial of service)\n\nAn excessive resource consumption flaw was found in the way the Linux\nkernel's networking subsystem processed TCP segments. If the Maximum\nSegment Size (MSS) of a TCP connection was set to low values, such as\n48 bytes, it can leave as little as 8 bytes for the user data, which\nsignificantly increases the Linux kernel's resource (CPU, Memory, and\nBandwidth) utilization. 
A remote attacker could use this flaw to cause\na denial of service (DoS) by repeatedly sending network traffic on a\nTCP connection with low TCP MSS.\n\nImpact\n======\n\nA remote attacker is able to crash the system by sending specially\ncrafted TCP packets.\n\nReferences\n==========\n\nhttps://www.openwall.com/lists/oss-security/2019/06/17/5\nhttps://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6\nhttps://security.archlinux.org/CVE-2019-11477\nhttps://security.archlinux.org/CVE-2019-11478\nhttps://security.archlinux.org/CVE-2019-11479", "modified": "2019-06-18T00:00:00", "published": "2019-06-18T00:00:00", "id": "ASA-201906-15", "href": "https://security.archlinux.org/ASA-201906-15", "type": "archlinux", "title": "[ASA-201906-15] linux-zen: denial of service", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-09-22T18:36:40", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479"], "description": "Arch Linux Security Advisory ASA-201906-12\n==========================================\n\nSeverity: High\nDate : 2019-06-17\nCVE-ID : CVE-2019-11477 CVE-2019-11478 CVE-2019-11479\nPackage : linux-hardened\nType : denial of service\nRemote : Yes\nLink : https://security.archlinux.org/AVG-986\n\nSummary\n=======\n\nThe package linux-hardened before version 5.1.11.a-1 is vulnerable to\ndenial of service.\n\nResolution\n==========\n\nUpgrade to 5.1.11.a-1.\n\n# pacman -Syu 
\"linux-hardened>=5.1.11.a-1\"\n\nThe problems have been fixed upstream in version 5.1.11.a.\n\nWorkaround\n==========\n\n- CVE-2019-11477 and CVE-2019-11478\n\n $ sudo sysctl -w net.ipv4.tcp_sack=0\n\nThe mitigation described below for CVE-2019-11479 is also sufficient\nfor CVE-2019-11477 and CVE-2019-11478 if disabling TCP SACK support is\nnot viable.\n\n- CVE-2019-11479\n\n $ sudo iptables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP\n\nThe net.ipv4.tcp_mtu_probing sysctl must be disabled (set to 0) when\nusing the iptables rules shown above.\n\nDescription\n===========\n\n- CVE-2019-11477 (denial of service)\n\nAn integer overflow has been discovered in the Linux kernel when\nhandling TCP Selective Acknowledgments (SACKs). A sequence of SACKs may\nbe crafted such that one can trigger a kernel panic. A remote attacker\ncould use this to cause a denial of service (system crash).\n\n- CVE-2019-11478 (denial of service)\n\nAn excessive resource consumption flaw was found in the way the Linux\nkernel's networking subsystem processed TCP Selective Acknowledgment\n(SACK) segments. While processing SACK segments, the Linux kernel's\nsocket buffer (SKB) data structure becomes fragmented, which leads to\nincreased resource utilization to traverse and process these fragments\nas further SACK segments are received on the same TCP connection. A\nremote attacker could use this flaw to cause a denial of service (DoS)\nby sending a crafted sequence of SACK segments on a TCP connection.\n\n- CVE-2019-11479 (denial of service)\n\nAn excessive resource consumption flaw was found in the way the Linux\nkernel's networking subsystem processed TCP segments. If the Maximum\nSegment Size (MSS) of a TCP connection was set to low values, such as\n48 bytes, it can leave as little as 8 bytes for the user data, which\nsignificantly increases the Linux kernel's resource (CPU, Memory, and\nBandwidth) utilization. 
A remote attacker could use this flaw to cause\na denial of service (DoS) by repeatedly sending network traffic on a\nTCP connection with low TCP MSS.\n\nImpact\n======\n\nA remote attacker is able to crash the system by sending specially\ncrafted TCP packets.\n\nReferences\n==========\n\nhttps://www.openwall.com/lists/oss-security/2019/06/17/5\nhttps://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6\nhttps://security.archlinux.org/CVE-2019-11477\nhttps://security.archlinux.org/CVE-2019-11478\nhttps://security.archlinux.org/CVE-2019-11479", "modified": "2019-06-17T00:00:00", "published": "2019-06-17T00:00:00", "id": "ASA-201906-12", "href": "https://security.archlinux.org/ASA-201906-12", "type": "archlinux", "title": "[ASA-201906-12] linux-hardened: denial of service", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "attackerkb": [{"lastseen": "2020-11-18T06:45:54", "bulletinFamily": "info", "cvelist": ["CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479"], "description": "A Linux kernel vulnerability in TCP networking could allow DoS\n\n> CVE-2019-11477 is considered an Important severity, whereas CVE-2019-11478 and CVE-2019-11479 are considered a Moderate severity. 
The first two are related to the Selective Acknowledgement (SACK) packets combined with Maximum Segment Size (MSS), the third solely with the Maximum Segment Size (MSS).\n\nVulnerable code exists in <https://github.com/torvalds/linux/blob/master/include/linux/skbuff.h>\n\nThis might stick around in various embedded hardware, which could be more disastrous if DoS\u2019ed, but it\u2019s too early to tell.\n\n \n**Recent assessments:** \n \n**J3rryBl4nks** at March 10, 2020 3:02pm UTC reported:\n\nBecause this is a kernel panic, it is only useful if your goal is to take the host offline. Because DOS attacks are less useful overall to an attacker than RCE, LFI, or anything useful really, these vulnerabilities are not useful to have in your toolkit.\n\nAssessed Attacker Value: 1 \nAssessed Attacker Value: 3\n\n**asoto-r7** at June 17, 2019 9:06pm UTC reported:\n\nBecause this is a kernel panic, it is only useful if your goal is to take the host offline. Because DOS attacks are less useful overall to an attacker than RCE, LFI, or anything useful really, these vulnerabilities are not useful to have in your toolkit.\n\nAssessed Attacker Value: 1 \n\n", "modified": "2020-02-13T00:00:00", "published": "2020-02-13T00:00:00", "id": "AKB:B358B251-7E9D-453E-8802-E59A3DE72FAA", "href": "https://attackerkb.com/topics/fyFtG4mfT5/tcp-sack-panic", "type": "attackerkb", "title": "TCP SACK PANIC", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "openvas": [{"lastseen": "2020-06-08T22:38:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-11479"], "description": "The Kernel in Greenbone OS is prone to multiple denial of service vulnerabilities.", "modified": "2020-06-04T00:00:00", "published": "2019-06-21T00:00:00", "id": "OPENVAS:1361412562310107017", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310107017", "type": "openvas", "title": "Greenbone OS - Kernel Denial of Service Vulnerabilities - June 19", "sourceData": 
"# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/o:greenbone:greenbone_os\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.107017\");\n script_cve_id(\"CVE-2019-11477\", \"CVE-2019-11478\", \"CVE-2019-11479\");\n script_version(\"2020-06-04T11:48:22+0000\");\n\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:48:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-06-21 11:11:07 +0200 (Fri, 21 Jun 2019)\");\n\n script_name(\"Greenbone OS - Kernel Denial of Service Vulnerabilities - June 19\");\n\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_dependencies(\"gb_greenbone_os_consolidation.nasl\");\n script_mandatory_keys(\"greenbone/gos/detected\");\n\n script_tag(name:\"summary\", value:\"The Kernel in Greenbone OS is prone to multiple denial of service vulnerabilities.\");\n\n 
script_tag(name:\"insight\", value:\"Multiple TCP Selective Acknowledgement (SACK) and Maximum Segment Size (MSS)\n networking vulnerabilities may cause denial-of-service conditions in Linux kernels as used\n in Greenbone OS.\");\n\n script_tag(name:\"impact\", value:\"A remote attacker could use this to cause a denial of service or kernel failure (panic) by:\n\n - triggering an integer overflow (CVE-2019-11477)\n\n - sending a sequence of specifically crafted selective acknowledgements (SACK),\n that may cause a fragmented TCP queue (CVE-2019-11478)\n\n - making use of the default maximum segment size (MSS), which is hard-coded to 48 bytes.\n This may cause an increase of fragmented packets (CVE-2019-11479).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"Update to Greenbone OS 4.2.29, 4.3.14 or 5.0.3.\");\n\n script_tag(name:\"affected\", value:\"Greenbone OS prior to version 4.2.29, 4.3.14 or 5.0.3 respectively.\");\n\n script_xref(name:\"URL\", value:\"https://www.kb.cert.org/vuls/id/905115\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n exit(0);\n}\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( ! 
version = get_app_version( cpe:CPE, nofork:TRUE ) )\n exit( 0 );\n\nversion = str_replace( string:version, find:\"-\", replace:\".\" );\n\nif( version_is_less( version:version, test_version:\"4.2.29\" ) ) {\n report = report_fixed_ver( installed_version:version, fixed_version:\"4.2.29\" );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nif( version =~ \"^4\\.3\" ) {\n if( version_is_less( version:version, test_version:\"4.3.14\" ) ) {\n report = report_fixed_ver( installed_version:version, fixed_version:\"4.3.14\" );\n security_message( port:0, data:report );\n exit( 0 );\n }\n}\n\nif( version =~ \"^5\\.0\" ) {\n if( version_is_less( version:version, test_version:\"5.0.3\" ) ) {\n report = report_fixed_ver( installed_version:version, fixed_version:\"5.0.3\" );\n security_message( port:0, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-09-05T14:51:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-11479"], "description": "The remote host is missing an update for the ", "modified": "2019-09-05T00:00:00", "published": "2019-06-19T00:00:00", "id": "OPENVAS:1361412562310883066", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883066", "type": "openvas", "title": "CentOS Update for kernel CESA-2019:1481 centos7 ", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied 
warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883066\");\n script_version(\"2019-09-05T05:22:48+0000\");\n script_cve_id(\"CVE-2019-11477\", \"CVE-2019-11478\", \"CVE-2019-11479\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-09-05 05:22:48 +0000 (Thu, 05 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-19 02:00:47 +0000 (Wed, 19 Jun 2019)\");\n script_name(\"CentOS Update for kernel CESA-2019:1481 centos7 \");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n\n script_xref(name:\"CESA\", value:\"2019:1481\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2019-June/023333.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the CESA-2019:1481 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es):\n\n * An integer overflow flaw was found in the way the Linux kernel's\nnetworking subsystem processed TCP Selective Acknowledgment (SACK)\nsegments. 
While processing SACK segments, the Linux kernel's socket buffer\n(SKB) data structure becomes fragmented. Each fragment is about TCP maximum\nsegment size (MSS) bytes. To efficiently process SACK blocks, the Linux\nkernel merges multiple fragmented SKBs into one, potentially overflowing\nthe variable holding the number of segments. A remote attacker could use\nthis flaw to crash the Linux kernel by sending a crafted sequence of SACK\nsegments on a TCP connection with small value of TCP MSS, resulting in a\ndenial of service (DoS). (CVE-2019-11477)\n\n * Kernel: tcp: excessive resource consumption while processing SACK blocks\nallows remote denial of service (CVE-2019-11478)\n\n * Kernel: tcp: excessive resource consumption for TCP connections with low\nMSS allows remote denial of service (CVE-2019-11479)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on CentOS 7.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS7\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bpftool\", rpm:\"bpftool~3.10.0~957.21.3.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~957.21.3.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~957.21.3.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~957.21.3.el7\", 
rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~957.21.3.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~957.21.3.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~957.21.3.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~957.21.3.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~957.21.3.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~957.21.3.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~957.21.3.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~957.21.3.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~957.21.3.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-06-25T16:43:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-11479"], "description": "The remote host is missing an update for the ", "modified": "2019-06-25T00:00:00", "published": "2019-06-19T00:00:00", "id": "OPENVAS:1361412562310876513", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876513", "type": "openvas", "title": "Fedora Update for kernel-headers FEDORA-2019-6c3d89b3d0", "sourceData": "# Copyright (C) 2019 
Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876513\");\n script_version(\"2019-06-25T09:45:07+0000\");\n script_cve_id(\"CVE-2019-11477\", \"CVE-2019-11479\", \"CVE-2019-11478\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-06-25 09:45:07 +0000 (Tue, 25 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-19 02:14:56 +0000 (Wed, 19 Jun 2019)\");\n script_name(\"Fedora Update for kernel-headers FEDORA-2019-6c3d89b3d0\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-6c3d89b3d0\");\n script_xref(name:\"URL\", 
value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q4XUPJ5UKLTJTEEMFJKHMT6YHU72NMX3\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel-headers'\n package(s) announced via the FEDORA-2019-6c3d89b3d0 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Kernel-headers includes the C header files that specify the interface\nbetween the Linux kernel and userspace libraries and programs. The\nheader files define structures and constants that are needed for\nbuilding most standard programs and are also needed for rebuilding the\nglibc package.\");\n\n script_tag(name:\"affected\", value:\"'kernel-headers' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~5.1.11~300.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-06-25T16:43:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-11479"], "description": "The remote host is missing an update for the ", "modified": "2019-06-25T00:00:00", "published": "2019-06-19T00:00:00", "id": "OPENVAS:1361412562310876514", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876514", "type": "openvas", "title": "Fedora 
Update for kernel-headers FEDORA-2019-914542e05c", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876514\");\n script_version(\"2019-06-25T09:45:07+0000\");\n script_cve_id(\"CVE-2019-11477\", \"CVE-2019-11479\", \"CVE-2019-11478\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-06-25 09:45:07 +0000 (Tue, 25 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-19 02:14:58 +0000 (Wed, 19 Jun 2019)\");\n script_name(\"Fedora Update for kernel-headers FEDORA-2019-914542e05c\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-914542e05c\");\n script_xref(name:\"URL\", 
value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5NF2FRGIHTIJXMXNVRVHZFMIPJWF2XF\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel-headers'\n package(s) announced via the FEDORA-2019-914542e05c advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Kernel-headers includes the C header files that specify the interface\nbetween the Linux kernel and userspace libraries and programs. The\nheader files define structures and constants that are needed for\nbuilding most standard programs and are also needed for rebuilding the\nglibc package.\");\n\n script_tag(name:\"affected\", value:\"'kernel-headers' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~5.1.11~200.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-06-25T16:43:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-3896", "CVE-2019-11479"], "description": "The remote host is missing an update for the ", "modified": "2019-06-25T00:00:00", "published": "2019-06-19T00:00:00", "id": "OPENVAS:1361412562310883065", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883065", "type": "openvas", 
"title": "CentOS Update for kernel CESA-2019:1488 centos6 ", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883065\");\n script_version(\"2019-06-25T09:45:07+0000\");\n script_cve_id(\"CVE-2019-3896\", \"CVE-2019-11477\", \"CVE-2019-11478\", \"CVE-2019-11479\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-06-25 09:45:07 +0000 (Tue, 25 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-19 02:00:43 +0000 (Wed, 19 Jun 2019)\");\n script_name(\"CentOS Update for kernel CESA-2019:1488 centos6 \");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n\n script_xref(name:\"CESA\", value:\"2019:1488\");\n script_xref(name:\"URL\", 
value:\"http://lists.centos.org/pipermail/centos-announce/2019-June/023332.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the CESA-2019:1488 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es):\n\n * An integer overflow flaw was found in the way the Linux kernel's\nnetworking subsystem processed TCP Selective Acknowledgment (SACK)\nsegments. While processing SACK segments, the Linux kernel's socket buffer\n(SKB) data structure becomes fragmented. Each fragment is about TCP maximum\nsegment size (MSS) bytes. To efficiently process SACK blocks, the Linux\nkernel merges multiple fragmented SKBs into one, potentially overflowing\nthe variable holding the number of segments. A remote attacker could use\nthis flaw to crash the Linux kernel by sending a crafted sequence of SACK\nsegments on a TCP connection with small value of TCP MSS, resulting in a\ndenial of service (DoS). 
(CVE-2019-11477)\n\n * kernel: Double free in lib/idr.c (CVE-2019-3896)\n\n * Kernel: tcp: excessive resource consumption while processing SACK blocks\nallows remote denial of service (CVE-2019-11478)\n\n * Kernel: tcp: excessive resource consumption for TCP connections with low\nMSS allows remote denial of service (CVE-2019-11479)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nBug Fix(es):\n\n * MDS mitigations not enabled on Intel Skylake CPUs (BZ#1710081)\n\n * RHEL6 kernel does not disable SMT with mds=full, nosmt (BZ#1710121)\n\n * [RHEL6] md_clear flag missing from /proc/cpuinfo (BZ#1710517)\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on CentOS 6.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS6\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~754.15.3.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~2.6.32~754.15.3.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~754.15.3.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~754.15.3.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~754.15.3.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-doc\", 
rpm:\"kernel-doc~2.6.32~754.15.3.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~754.15.3.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~754.15.3.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~754.15.3.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~2.6.32~754.15.3.el6\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-27T18:40:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11478", "CVE-2019-11833", "CVE-2019-11477", "CVE-2019-11479"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191692", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191692", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1692)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1692\");\n script_version(\"2020-01-23T12:20:06+0000\");\n script_cve_id(\"CVE-2019-11477\", \"CVE-2019-11478\", \"CVE-2019-11479\", \"CVE-2019-11833\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:20:06 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:20:06 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1692)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1692\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1692\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1692 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. 
While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS). (CVE-2019-11477)\n\nKernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service (CVE-2019-11478)\n\nKernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service (CVE-2019-11479)\n\nA flaw was found in the Linux kernel's implementation of ext4 extent management. The kernel doesn't correctly initialize memory regions in the extent tree block which may be exported to a local user to obtain sensitive information by reading empty/uninitialized data from the filesystem.(CVE-2019-11833)\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~862.14.1.0.h197.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~862.14.1.0.h197.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~862.14.1.0.h197.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~862.14.1.0.h197.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~862.14.1.0.h197.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~862.14.1.0.h197.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~862.14.1.0.h197.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~862.14.1.0.h197.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~862.14.1.0.h197.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-27T18:38:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-12817", "CVE-2019-11479"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191792", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191792", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1792)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the 
respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1792\");\n script_version(\"2020-01-23T12:22:31+0000\");\n script_cve_id(\"CVE-2019-11477\", \"CVE-2019-11478\", \"CVE-2019-11479\", \"CVE-2019-12817\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:22:31 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:22:31 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1792)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1792\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1792\");\n\n script_tag(name:\"summary\", value:\"The 
remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1792 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS). (CVE-2019-11477)\n\nKernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service (CVE-2019-11478)\n\nKernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service (CVE-2019-11479)\n\nA flaw was found in the way the Linux kernel's memory subsystem on certain 64-bit PowerPCs with the hash page table MMU handled memory above 512TB. 
A local, unprivileged user could use this flaw to escalate their privileges on the system.(CVE-2019-12817)\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.36~vhulk1906.3.0.h356.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~4.19.36~vhulk1906.3.0.h356.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-aarch64\", rpm:\"kernel-debuginfo-common-aarch64~4.19.36~vhulk1906.3.0.h356.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.36~vhulk1906.3.0.h356.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.36~vhulk1906.3.0.h356.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.36~vhulk1906.3.0.h356.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.36~vhulk1906.3.0.h356.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.36~vhulk1906.3.0.h356.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.36~vhulk1906.3.0.h356.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "citrix": [{"lastseen": "2021-01-19T22:28:06", "bulletinFamily": "software", "cvelist": ["CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479"], "description": "<section class=\"article-content\" data-swapid=\"ArticleContent\">\n<div class=\"content-block\" data-swapid=\"ContentBlock\"><div>\n<div>\n<h2> Description of Problem</h2>\n<div>\n<div>\n<div>\n<p>Multiple denial of service vulnerabilities have been identified in the Citrix SD-WAN Appliance and Citrix SD-WAN Center Management Console. These vulnerabilities could permit a remote attacker to cause a denial of service by causing a host crash or by causing reduced service capacity due to resource exhaustion. The vulnerabilities have been assigned the following CVE numbers.</p>\n<ul>\n<li>CVE-2019-11477: SACK Panic </li>\n<li>CVE-2019-11478: SACK Slowness or Excess Resource Usage</li>\n<li>CVE-2019-11479: Excess Resource Consumption Due to Low MSS Values</li>\n</ul>\n</div>\n</div>\n</div>\n</div>\n<div>\n<h2> Mitigating Factors</h2>\n<div>\n<div>\n<div>\n<p>In order to protect against these vulnerabilities and web application related issues, Citrix recommends access to the management console be restricted. 
In situations where customers have deployed their management console in line with industry best practice, network access to this interface should already be restricted.</p>\n<p>Security Best Practices:</p>\n<p>10.x - <a href=\"https://docs.citrix.com/en-us/netscaler-sd-wan/10/best-practices/security-best-practices.html\">https://docs.citrix.com/en-us/netscaler-sd-wan/10/best-practices/security-best-practices.html</a></p>\n</div>\n</div>\n</div>\n</div>\n<div>\n<h2> What Customers Should Do</h2>\n<div>\n<div>\n<div>\n<p>These vulnerabilities have been addressed in the following software versions: </p>\n<p>\u2022 NetScaler SD-WAN 10.0.8</p>\n<p>\u2022 Citrix SD-WAN 10.2.4</p>\n<p>\u2022 Citrix SD-WAN 11.0.1</p>\n<p>Citrix recommends that customers using vulnerable software upgrade their management console to the new version or later as soon as possible.</p>\n<p>Customers using versions of the product that will not contain a fix (i.e. 9.3.x) are advised to consider upgrading to a version that does contain the fix (i.e. 11.0.1)</p>\n<p>The new software versions will be available on the Citrix website. Information on the available versions can be found at the following location:</p>\n<p> <a href=\"https://www.citrix.com/downloads/netscaler-sd-wan/\">https://www.citrix.com/downloads/netscaler-sd-wan/</a></p>\n<p>In line with general best practice, Citrix also recommends that customers limit access to the management console of the Citrix SD-WAN Appliance and Citrix SD-WAN Center Management Console to trusted network traffic only.</p>\n</div>\n</div>\n</div>\n</div>\n<div>\n<h2> What Citrix Is Doing</h2>\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix is notifying customers and channel partners about this potential security issue. 
This article is also available from the Citrix Knowledge Center at <u> <a href=\"http://support.citrix.com/\">http://support.citrix.com/</a></u>.</p>\n</div>\n</div>\n</div>\n</div>\n</div>\n</div>\n<div>\n<h2> Obtaining Support on This Issue</h2>\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href=\"https://www.citrix.com/support/open-a-support-case.html\">https://www.citrix.com/support/open-a-support-case.html</a></u>. </p>\n</div>\n</div>\n</div>\n</div>\n</div>\n</div>\n<div>\n<h2> Reporting Security Vulnerabilities</h2>\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 \u2013 <a href=\"http://support.citrix.com/article/CTX081743\">Reporting Security Issues to Citrix</a></p>\n</div>\n</div>\n</div>\n</div>\n</div>\n</div>\n<div>\n<h2> Changelog</h2>\n<div>\n<div>\n<div>\n<table width=\"100%\">\n<tbody>\n<tr>\n<td colspan=\"1\" rowspan=\"1\">Date </td>\n<td colspan=\"1\" rowspan=\"1\">Change</td>\n</tr>\n<tr>\n<td colspan=\"1\" rowspan=\"1\">11th September 2019</td>\n<td colspan=\"1\" rowspan=\"1\">Initial Publication</td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n</div>\n</div></div>\n</section>", "modified": "2019-09-11T04:00:00", "published": "2020-11-09T09:09:02", "id": "CTX256918", "href": "https://support.citrix.com/article/CTX256918", "type": "citrix", "title": "Citrix SD-WAN Security Update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479"], "description": "Kernel-headers includes the C header files that specify the 
interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package. ", "modified": "2019-06-18T21:19:41", "published": "2019-06-18T21:19:41", "id": "FEDORA:48EB163233DC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: kernel-headers-5.1.11-200.fc29", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479"], "description": "Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package. ", "modified": "2019-06-18T18:15:45", "published": "2019-06-18T18:15:45", "id": "FEDORA:7809D6CB440C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: kernel-headers-5.1.11-300.fc30", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2019-06-21T12:44:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-11479"], "description": "kernel-uek\n[3.8.13-118.35.2]\n- tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Eric Dumazet) [Orabug: 29886600] {CVE-2019-11477}\n- tcp: add tcp_min_snd_mss sysctl (Eric Dumazet) [Orabug: 29884307] {CVE-2019-11479}\n- tcp: tcp_fragment() should apply sane memory limits (Eric Dumazet) [Orabug: 29884307] {CVE-2019-11478}\n- tcp: fix fack_count accounting on tcp_shift_skb_data() (Joao Martins) [Orabug: 29890831] {CVE-2019-11477}\n- tcp: limit payload size of sacked skbs (Eric Dumazet) [Orabug: 29884307] {CVE-2019-11477}", "edition": 2, "modified": "2019-06-17T00:00:00", "published": "2019-06-17T00:00:00", "id": 
"ELSA-2019-4686", "href": "http://linux.oracle.com/errata/ELSA-2019-4686.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-06-21T12:46:54", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-11479"], "description": "[3.10.0-957.21.3.OL7]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [bug 24817676]\n[3.10.0-957.21.3]\n- [net] tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Florian Westphal) [1719914 1719915] {CVE-2019-11479}\n- [net] tcp: add tcp_min_snd_mss sysctl (Florian Westphal) [1719914 1719915] {CVE-2019-11479}\n- [net] tcp: tcp_fragment() should apply sane memory limits (Florian Westphal) [1719849 1719850] {CVE-2019-11478}\n- [net] tcp: limit payload size of sacked skbs (Florian Westphal) [1719594 1719595] {CVE-2019-11477}\n- [net] tcp: pass previous skb to tcp_shifted_skb() (Florian Westphal) [1719594 1719595] {CVE-2019-11477}", "edition": 2, "modified": "2019-06-18T00:00:00", "published": "2019-06-18T00:00:00", "id": "ELSA-2019-1481", "href": "http://linux.oracle.com/errata/ELSA-2019-1481.html", "title": "kernel security update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-06-21T12:44:33", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-11479"], "description": "[4.1.12-124.28.3]\n- Add CVE numbers for CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 (Chuck Anderson) [Orabug: 29890820] {CVE-2019-11477} {CVE-2019-11478} {CVE-2019-11479} {CVE-2019-11477} {CVE-2019-11478} {CVE-2019-11479}\n- tcp: fix fack_count accounting on tcp_shift_skb_data() (Joao Martins) [Orabug: 29890820] \n- tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Eric Dumazet) [Orabug: 
29886598]\n[4.1.12-124.28.2]\n- tcp: add tcp_min_snd_mss sysctl (Eric Dumazet) [Orabug: 29884306] \n- tcp: tcp_fragment() should apply sane memory limits (Eric Dumazet) [Orabug: 29884306] \n- tcp: limit payload size of sacked skbs (Eric Dumazet) [Orabug: 29884306]", "edition": 2, "modified": "2019-06-17T00:00:00", "published": "2019-06-17T00:00:00", "id": "ELSA-2019-4684", "href": "http://linux.oracle.com/errata/ELSA-2019-4684.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-06-21T12:44:42", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-11479"], "description": "[2.6.39-400.312.2]\n- tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Eric Dumazet) [Orabug: 29886601] {CVE-2019-11477}\n- tcp: add tcp_min_snd_mss sysctl (Eric Dumazet) [Orabug: 29884308] {CVE-2019-11479}\n- tcp: tcp_fragment() should apply sane memory limits (Eric Dumazet) [Orabug: 29884308] {CVE-2019-11478}\n- tcp: fix fack_count accounting on tcp_shift_skb_data() (Joao Martins) [Orabug: 29890843] {CVE-2019-11477}\n- tcp: limit payload size of sacked skbs (Eric Dumazet) [Orabug: 29884308] {CVE-2019-11477}", "edition": 3, "modified": "2019-06-17T00:00:00", "published": "2019-06-17T00:00:00", "id": "ELSA-2019-4689", "href": "http://linux.oracle.com/errata/ELSA-2019-4689.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:35:58", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-11479"], "description": "**Issue Overview:**\n\n[CVE-2019-11477 __](<https://access.redhat.com/security/cve/CVE-2019-11477>), [CVE-2019-11478 __](<https://access.redhat.com/security/cve/CVE-2019-11478>) and [CVE-2019-11479 __](<https://access.redhat.com/security/cve/CVE-2019-11479>) describe 
vulnerabilities in the Linux kernel that can be remotely exploited using a specially crafted TCP connection, crashing the targeted system. \n\nThe latest Amazon Linux 2 AMIs as available in AWS EC2 already contain these kernels and are not vulnerable.\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ and reboot to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n kernel-4.14.123-111.109.amzn2.aarch64 \n kernel-headers-4.14.123-111.109.amzn2.aarch64 \n kernel-debuginfo-common-aarch64-4.14.123-111.109.amzn2.aarch64 \n perf-4.14.123-111.109.amzn2.aarch64 \n perf-debuginfo-4.14.123-111.109.amzn2.aarch64 \n python-perf-4.14.123-111.109.amzn2.aarch64 \n python-perf-debuginfo-4.14.123-111.109.amzn2.aarch64 \n kernel-tools-4.14.123-111.109.amzn2.aarch64 \n kernel-tools-devel-4.14.123-111.109.amzn2.aarch64 \n kernel-tools-debuginfo-4.14.123-111.109.amzn2.aarch64 \n kernel-devel-4.14.123-111.109.amzn2.aarch64 \n kernel-debuginfo-4.14.123-111.109.amzn2.aarch64 \n \n i686: \n kernel-headers-4.14.123-111.109.amzn2.i686 \n \n src: \n kernel-4.14.123-111.109.amzn2.src \n \n x86_64: \n kernel-4.14.123-111.109.amzn2.x86_64 \n kernel-headers-4.14.123-111.109.amzn2.x86_64 \n kernel-debuginfo-common-x86_64-4.14.123-111.109.amzn2.x86_64 \n perf-4.14.123-111.109.amzn2.x86_64 \n perf-debuginfo-4.14.123-111.109.amzn2.x86_64 \n python-perf-4.14.123-111.109.amzn2.x86_64 \n python-perf-debuginfo-4.14.123-111.109.amzn2.x86_64 \n kernel-tools-4.14.123-111.109.amzn2.x86_64 \n kernel-tools-devel-4.14.123-111.109.amzn2.x86_64 \n kernel-tools-debuginfo-4.14.123-111.109.amzn2.x86_64 \n kernel-devel-4.14.123-111.109.amzn2.x86_64 \n kernel-debuginfo-4.14.123-111.109.amzn2.x86_64 \n \n \n", "edition": 1, "modified": "2019-06-13T22:11:00", "published": "2019-06-13T22:11:00", "id": "ALAS2-2019-1222", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1222.html", "title": "Critical: kernel", "type": "amazon", "cvss": {"score": 7.8, 
"vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-11-10T12:37:11", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-11479"], "description": "**Issue Overview:**\n\n[CVE-2019-11477 __](<https://access.redhat.com/security/cve/CVE-2019-11477>), [CVE-2019-11478 __](<https://access.redhat.com/security/cve/CVE-2019-11478>) and [CVE-2019-11479 __](<https://access.redhat.com/security/cve/CVE-2019-11479>) describe vulnerabilities in the Linux kernel that can be remotely exploited using a specially crafted TCP connection, crashing the targeted system. \n\nThe latest Amazon Linux AMIs as available in AWS EC2 already contain these kernels and are not vulnerable.\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ and reboot to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n kernel-debuginfo-4.14.123-86.109.amzn1.i686 \n perf-debuginfo-4.14.123-86.109.amzn1.i686 \n kernel-tools-4.14.123-86.109.amzn1.i686 \n kernel-devel-4.14.123-86.109.amzn1.i686 \n kernel-tools-debuginfo-4.14.123-86.109.amzn1.i686 \n kernel-tools-devel-4.14.123-86.109.amzn1.i686 \n kernel-4.14.123-86.109.amzn1.i686 \n kernel-debuginfo-common-i686-4.14.123-86.109.amzn1.i686 \n kernel-headers-4.14.123-86.109.amzn1.i686 \n perf-4.14.123-86.109.amzn1.i686 \n \n src: \n kernel-4.14.123-86.109.amzn1.src \n \n x86_64: \n kernel-devel-4.14.123-86.109.amzn1.x86_64 \n kernel-tools-4.14.123-86.109.amzn1.x86_64 \n kernel-tools-devel-4.14.123-86.109.amzn1.x86_64 \n kernel-debuginfo-4.14.123-86.109.amzn1.x86_64 \n kernel-headers-4.14.123-86.109.amzn1.x86_64 \n kernel-tools-debuginfo-4.14.123-86.109.amzn1.x86_64 \n perf-debuginfo-4.14.123-86.109.amzn1.x86_64 \n kernel-4.14.123-86.109.amzn1.x86_64 \n kernel-debuginfo-common-x86_64-4.14.123-86.109.amzn1.x86_64 \n perf-4.14.123-86.109.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2019-06-13T21:37:00", "published": "2019-06-13T21:37:00", "id": "ALAS-2019-1222", 
"href": "https://alas.aws.amazon.com/ALAS-2019-1222.html", "title": "Critical: kernel", "type": "amazon", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "mscve": [{"lastseen": "2020-08-07T11:48:24", "bulletinFamily": "microsoft", "cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-11479"], "description": "# Executive Summary\n\nKnown vulnerabilities exist in the Linux kernel. These vulnerabilities are documented by the following CVEs: [CVE-2019-11477](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477>), [CVE-2019-11478](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11478>), and [CVE-2019-11479](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11479>).\n\nThe purpose of this advisory is to explain the various effects of these vulnerabilities and to provide links to more information.\n\n 1. If you are running a Linux kernel in your Azure environment, you should contact the provider of that Linux kernel to understand their recommendation for protecting your installation. See below for a list of popular providers.\n 2. If you are using Azure Sphere for an IoT product, please see Azure Sphere <https://azure.microsoft.com/en-us/updates/update-19-06-for-azure-sphere-public-preview-now-available-for-evaluation/>\n 3. If you are using Azure Kubernetes Service, please see <https://github.com/Azure/AKS/issues/1065>\n 4. 
If you are using HD Insight, please see <https://azure.microsoft.com/en-us/updates/security-advisory-on-linux-kernel-tcp-vulnerabilities-for-hdinsight-clusters/>\n", "edition": 2, "modified": "2019-07-01T07:00:00", "id": "MS:ADV190020", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190020", "published": "2019-07-01T07:00:00", "title": "Linux Kernel TCP SACK Denial of Service Vulnerability", "type": "mscve", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "centos": [{"lastseen": "2020-12-08T03:36:15", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-11479"], "description": "**CentOS Errata and Security Advisory** CESA-2019:1481\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS). 
(CVE-2019-11477)\n\n* Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service (CVE-2019-11478)\n\n* Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service (CVE-2019-11479)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2019-June/035371.html\n\n**Affected packages:**\nbpftool\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\n", "edition": 4, "modified": "2019-06-19T00:21:01", "published": "2019-06-19T00:21:01", "id": "CESA-2019:1481", "href": "http://lists.centos.org/pipermail/centos-announce/2019-June/035371.html", "title": "bpftool, kernel, perf, python security update", "type": "centos", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-08T03:38:21", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-3896", "CVE-2019-11479"], "description": "**CentOS Errata and Security Advisory** CESA-2019:1488\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. 
A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS). (CVE-2019-11477)\n\n* kernel: Double free in lib/idr.c (CVE-2019-3896)\n\n* Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service (CVE-2019-11478)\n\n* Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service (CVE-2019-11479)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* MDS mitigations not enabled on Intel Skylake CPUs (BZ#1710081)\n\n* RHEL6 kernel does not disable SMT with mds=full,nosmt (BZ#1710121)\n\n* [RHEL6] md_clear flag missing from /proc/cpuinfo (BZ#1710517)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2019-June/035370.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\n", "edition": 5, "modified": "2019-06-19T00:19:05", "published": "2019-06-19T00:19:05", "id": "CESA-2019:1488", "href": "http://lists.centos.org/pipermail/centos-announce/2019-June/035370.html", "title": "kernel, perf, python security update", "type": "centos", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2021-03-01T01:23:31", "description": "CVE-2019-11477 , CVE-2019-11478 and CVE-2019-11479 describe\nvulnerabilities in the Linux kernel that can be remotely exploited\nusing a specially crafted TCP connection, crashing the targeted\nsystem.\n\nThe latest Amazon Linux AMIs as available in AWS EC2 already contain\nthese kernels and are not vulnerable.", "edition": 19, "cvss3": 
{"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-06-18T00:00:00", "title": "Amazon Linux AMI : kernel (ALAS-2019-1222) (SACK Panic) (SACK Slowness)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-11479"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:kernel-headers", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2019-1222.NASL", "href": "https://www.tenable.com/plugins/nessus/125955", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1222.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125955);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/10\");\n\n script_cve_id(\"CVE-2019-11477\", \"CVE-2019-11478\", \"CVE-2019-11479\");\n script_xref(name:\"ALAS\", value:\"2019-1222\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2019-1222) (SACK Panic) (SACK Slowness)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2019-11477 , CVE-2019-11478 and CVE-2019-11479 describe\nvulnerabilities in the Linux kernel that can be remotely exploited\nusing a specially crafted TCP connection, crashing the targeted\nsystem.\n\nThe latest Amazon Linux AMIs as 
available in AWS EC2 already contain\nthese kernels and are not vulnerable.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2019-1222.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update kernel' and reboot to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/19\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.14.123-86.109.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.14.123-86.109.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.14.123-86.109.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.14.123-86.109.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-4.14.123-86.109.amzn1\")) flag++;\nif 
(rpm_check(release:\"ALA\", reference:\"kernel-headers-4.14.123-86.109.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.14.123-86.109.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.14.123-86.109.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.14.123-86.109.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.14.123-86.109.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.14.123-86.109.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-03-01T05:13:32", "description": "Description of changes:\n\n[4.1.12-124.28.3.el7uek]\n- Add CVE numbers for CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 (Chuck Anderson) [Orabug: 29890820] {CVE-2019-11477} {CVE-2019-11478} {CVE-2019-11479} {CVE-2019-11477} {CVE-2019-11478} {CVE-2019-11479}\n- tcp: fix fack_count accounting on tcp_shift_skb_data() (Joao Martins) [Orabug: 29890820]\n- tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Eric Dumazet) [Orabug: 29886598]\n\n[4.1.12-124.28.2.el7uek]\n- tcp: add tcp_min_snd_mss sysctl (Eric Dumazet) [Orabug: 29884306]\n- tcp: tcp_fragment() should apply sane memory limits (Eric Dumazet) [Orabug: 29884306]\n- tcp: limit payload size of sacked skbs (Eric Dumazet) [Orabug: 29884306]", "edition": 19, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-06-18T00:00:00", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4684) (SACK Panic) (SACK Slowness)", "type": "nessus", "bulletinFamily": "scanner", 
"cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-11479"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "id": "ORACLELINUX_ELSA-2019-4684.NASL", "href": "https://www.tenable.com/plugins/nessus/125963", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4684.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125963);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2020/01/10\");\n\n script_cve_id(\"CVE-2019-11477\", \"CVE-2019-11478\", \"CVE-2019-11479\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4684) (SACK Panic) (SACK Slowness)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[4.1.12-124.28.3.el7uek]\n- Add CVE numbers for CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 (Chuck Anderson) [Orabug: 29890820] {CVE-2019-11477} {CVE-2019-11478} {CVE-2019-11479} {CVE-2019-11477} {CVE-2019-11478} {CVE-2019-11479}\n- tcp: fix fack_count accounting on tcp_shift_skb_data() (Joao Martins) [Orabug: 29890820]\n- tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Eric Dumazet) [Orabug: 29886598]\n\n[4.1.12-124.28.2.el7uek]\n- tcp: add tcp_min_snd_mss sysctl (Eric Dumazet) [Orabug: 29884306]\n- tcp: tcp_fragment() should apply sane memory limits (Eric Dumazet) [Orabug: 29884306]\n- tcp: limit payload size of sacked skbs (Eric 
Dumazet) [Orabug: 29884306]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-June/008828.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-June/008829.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-11477\", \"CVE-2019-11478\", \"CVE-2019-11479\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2019-4684\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"4.1\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-4.1.12-124.28.3.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-4.1.12-124.28.3.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-4.1.12-124.28.3.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-devel-4.1.12-124.28.3.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", 
rpm:\"kernel-uek-doc-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-doc-4.1.12-124.28.3.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-4.1.12-124.28.3.el6uek\")) flag++;\n\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-4.1.12-124.28.3.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-4.1.12-124.28.3.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-devel-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-4.1.12-124.28.3.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-devel-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-devel-4.1.12-124.28.3.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-doc-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-doc-4.1.12-124.28.3.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-firmware-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-4.1.12-124.28.3.el7uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-09-14T13:16:25", "description": "The version of Arista Networks EOS running on the remote device is affected by the following denial of service (DoS)\nvulnerabilities related to TCP networking in the Linux kernel, which can be exploited 
by a remote, unauthenticated\nattacker:\n\n - SACK Panic. The TCP_SKB_CB(skb)->tcp_gso_segs value is subject to an integer overflow in the Linux\n kernel when handling TCP Selective Acknowledgments (SACKs). (CVE-2019-11477)\n\n - SACK Slowness. The TCP retransmission queue implementation in tcp_fragment in the Linux kernel can be\n fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. (CVE-2019-11478)\n\n - The Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend\n queues significantly more than if a larger MSS were enforced. (CVE-2019-11479)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-03-06T00:00:00", "title": "Arista Networks EOS Linux Kernel TCP Multiple DoS (SA0041)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-11479"], "modified": "2020-03-06T00:00:00", "cpe": ["cpe:/o:arista:eos"], "id": "ARISTA_EOS_SA0041.NASL", "href": "https://www.tenable.com/plugins/nessus/134303", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134303);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/10\");\n\n script_cve_id(\"CVE-2019-11477\", \"CVE-2019-11478\", \"CVE-2019-11479\");\n script_bugtraq_id(108798, 108801, 108818);\n\n script_name(english:\"Arista Networks EOS Linux Kernel TCP Multiple DoS (SA0041)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Arista Networks EOS running on the remote device is affected by multiple denial of service (DoS) vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version 
of Arista Networks EOS running on the remote device is affected by the following denial of service (DoS)\nvulnerabilities related to TCP networking in the Linux kernel, which can be exploited by a remote, unauthenticated\nattacker:\n\n - SACK Panic. The TCP_SKB_CB(skb)->tcp_gso_segs value is subject to an integer overflow in the Linux\n kernel when handling TCP Selective Acknowledgments (SACKs). (CVE-2019-11477)\n\n - SACK Slowness. The TCP retransmission queue implementation in tcp_fragment in the Linux kernel can be\n fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. (CVE-2019-11478)\n\n - The Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend\n queues significantly more than if a larger MSS were enforced. (CVE-2019-11479)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://www.arista.com/en/support/advisories-notices/security-advisories/8066-security-advisory-41\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0073e92b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Arista Networks EOS version 4.22.1F, 4.21.7M, 4.20.14M, 4.19.13M, 4.18.12M or later or 4.21.2.3F or\n4.21.6.1.1F, or apply the patch from the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11477\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/18\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2019/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/06\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:arista:eos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"arista_eos_detect.nbin\");\n script_require_keys(\"Host/Arista-EOS/Version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude('arista_eos_func.inc');\ninclude('audit.inc');\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nversion = get_kb_item_or_exit('Host/Arista-EOS/Version');\next='SecurityAdvisory0041Hotfix.rpm 1.0.2/eng';\nsha='7f19af46d5e520364039e4e4870a6906b233908b7ddeac6bb613bb956f797b64ede92d146d3824764502e1434d0f5f1c84db7a6c7723ac784b1db18d2b75f21a';\n\nif(eos_extension_installed(ext:ext, sha:sha))\n audit(AUDIT_HOST_NOT, 'not vulnerable, as a relevant hotfix has been installed');\n\nversion = get_kb_item_or_exit('Host/Arista-EOS/Version');\n\nvmatrix = make_array();\nvmatrix['all'] = make_list('0.0<=4.17.99');\nvmatrix['F'] = make_list('4.22.0');\nvmatrix['M'] = make_list('4.21.0<=4.21.6',\n '4.20.0<=4.20.13',\n '4.19.0<=4.19.12',\n '4.18.0<=4.18.11');\n\nvmatrix['fix'] = '4.22.1F, 4.21.7M, 4.20.14M, 4.19.13M, 4.18.12M or later or 4.21.2.3F / 4.21.6.1.1F';\n\nif (eos_is_affected(vmatrix:vmatrix, version:version))\n security_report_v4(severity:SECURITY_HOLE, port:0, extra:eos_report_get());\nelse\n audit(AUDIT_INST_VER_NOT_VULN, 'Arista Networks EOS', version);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-03-01T02:38:25", "description": "Update to v5.1.11\n\n - Fixes CVE-2019-11477\n\n - Fixes CVE-2019-11479\n\n - Fixes 
CVE-2019-11478\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 19, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-06-19T00:00:00", "title": "Fedora 29 : kernel / kernel-headers (2019-914542e05c) (SACK Panic) (SACK Slowness)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-11479"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:29", "p-cpe:/a:fedoraproject:fedora:kernel-headers"], "id": "FEDORA_2019-914542E05C.NASL", "href": "https://www.tenable.com/plugins/nessus/126017", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-914542e05c.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126017);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/10\");\n\n script_cve_id(\"CVE-2019-11477\", \"CVE-2019-11478\", \"CVE-2019-11479\");\n script_xref(name:\"FEDORA\", value:\"2019-914542e05c\");\n\n script_name(english:\"Fedora 29 : kernel / kernel-headers (2019-914542e05c) (SACK Panic) (SACK Slowness)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to v5.1.11\n\n - Fixes CVE-2019-11477\n\n - Fixes CVE-2019-11479\n\n - Fixes CVE-2019-11478\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean 
and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-914542e05c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel and / or kernel-headers packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/19\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-11477\", \"CVE-2019-11478\", \"CVE-2019-11479\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2019-914542e05c\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"kernel-5.1.11-200.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"kernel-headers-5.1.11-200.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / 
kernel-headers\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-09-14T18:27:40", "description": "Security Fix(es) :\n\n - An integer overflow flaw was found in the way the Linux\n kernel's networking subsystem processed TCP Selective\n Acknowledgment (SACK) segments. While processing SACK\n segments, the Linux kernel's socket buffer (SKB) data\n structure becomes fragmented. Each fragment is about TCP\n maximum segment size (MSS) bytes. To efficiently process\n SACK blocks, the Linux kernel merges multiple fragmented\n SKBs into one, potentially overflowing the variable\n holding the number of segments. A remote attacker could\n use this flaw to crash the Linux kernel by sending a\n crafted sequence of SACK segments on a TCP connection\n with small value of TCP MSS, resulting in a denial of\n service (DoS). (CVE-2019-11477)\n\n - Kernel: tcp: excessive resource consumption while\n processing SACK blocks allows remote denial of service\n (CVE-2019-11478)\n\n - Kernel: tcp: excessive resource consumption for TCP\n connections with low MSS allows remote denial of service\n (CVE-2019-11479)", "edition": 8, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-06-18T00:00:00", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64 (20190617) (SACK Panic) (SACK Slowness)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-11479"], "modified": "2019-06-18T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:bpftool", "p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", 
"p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-tools", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs"], "id": "SL_20190617_KERNEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/125981", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125981);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2019-11477\", \"CVE-2019-11478\", \"CVE-2019-11479\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64 (20190617) (SACK Panic) (SACK Slowness)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - An integer overflow flaw was found in the way the Linux\n kernel's networking subsystem processed TCP Selective\n Acknowledgment (SACK) segments. While processing SACK\n segments, the Linux kernel's socket buffer (SKB) data\n structure becomes fragmented. Each fragment is about TCP\n maximum segment size (MSS) bytes. 
To efficiently process\n SACK blocks, the Linux kernel merges multiple fragmented\n SKBs into one, potentially overflowing the variable\n holding the number of segments. A remote attacker could\n use this flaw to crash the Linux kernel by sending a\n crafted sequence of SACK segments on a TCP connection\n with small value of TCP MSS, resulting in a denial of\n service (DoS). (CVE-2019-11477)\n\n - Kernel: tcp: excessive resource consumption while\n processing SACK blocks allows remote denial of service\n (CVE-2019-11478)\n\n - Kernel: tcp: excessive resource consumption for TCP\n connections with low MSS allows remote denial of service\n (CVE-2019-11479)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1906&L=SCIENTIFIC-LINUX-ERRATA&P=1762\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?172ed60f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-957.21.3.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-957.21.3.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-abi-whitelists-3.10.0-957.21.3.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-957.21.3.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-957.21.3.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-957.21.3.el7\")) flag++;\nif 
(rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-957.21.3.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-957.21.3.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-957.21.3.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-doc-3.10.0-957.21.3.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-957.21.3.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-957.21.3.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-957.21.3.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-957.21.3.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-957.21.3.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-957.21.3.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-957.21.3.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-957.21.3.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-957.21.3.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-03-01T05:49:47", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact 
of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* An integer overflow flaw was found in the way the Linux kernel's\nnetworking subsystem processed TCP Selective Acknowledgment (SACK)\nsegments. While processing SACK segments, the Linux kernel's socket\nbuffer (SKB) data structure becomes fragmented. Each fragment is about\nTCP maximum segment size (MSS) bytes. To efficiently process SACK\nblocks, the Linux kernel merges multiple fragmented SKBs into one,\npotentially overflowing the variable holding the number of segments. A\nremote attacker could use this flaw to crash the Linux kernel by\nsending a crafted sequence of SACK segments on a TCP connection with\nsmall value of TCP MSS, resulting in a denial of service (DoS).\n(CVE-2019-11477)\n\n* Kernel: tcp: excessive resource consumption while processing SACK\nblocks allows remote denial of service (CVE-2019-11478)\n\n* Kernel: tcp: excessive resource consumption for TCP connections with\nlow MSS allows remote denial of service (CVE-2019-11479)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 20, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-06-18T00:00:00", "title": "RHEL 7 : kernel (RHSA-2019:1481) (SACK Panic) (SACK Slowness)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-11479"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bpftool", 
"p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel", "cpe:/o:redhat:enterprise_linux:7.6", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:kernel-doc"], "id": "REDHAT-RHSA-2019-1481.NASL", "href": "https://www.tenable.com/plugins/nessus/125969", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1481. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125969);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2020/01/10\");\n\n script_cve_id(\"CVE-2019-11477\", \"CVE-2019-11478\", \"CVE-2019-11479\");\n script_xref(name:\"RHSA\", value:\"2019:1481\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2019:1481) (SACK Panic) (SACK Slowness)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* An integer overflow flaw was found in the way the Linux kernel's\nnetworking subsystem processed TCP Selective Acknowledgment (SACK)\nsegments. While processing SACK segments, the Linux kernel's socket\nbuffer (SKB) data structure becomes fragmented. Each fragment is about\nTCP maximum segment size (MSS) bytes. To efficiently process SACK\nblocks, the Linux kernel merges multiple fragmented SKBs into one,\npotentially overflowing the variable holding the number of segments. 
A\nremote attacker could use this flaw to crash the Linux kernel by\nsending a crafted sequence of SACK segments on a TCP connection with\nsmall value of TCP MSS, resulting in a denial of service (DoS).\n(CVE-2019-11477)\n\n* Kernel: tcp: excessive resource consumption while processing SACK\nblocks allows remote denial of service (CVE-2019-11478)\n\n* Kernel: tcp: excessive resource consumption for TCP connections with\nlow MSS allows remote denial of service (CVE-2019-11479)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/tcpsack\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1481\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11479\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-11477\", \"CVE-2019-11478\", \"CVE-2019-11479\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:1481\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1481\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-957.21.3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-3.10.0-957.21.3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-957.21.3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-abi-whitelists-3.10.0-957.21.3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-957.21.3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-957.21.3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-957.21.3.el7\")) 
flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-957.21.3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-957.21.3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-957.21.3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-957.21.3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-957.21.3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-957.21.3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-957.21.3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-957.21.3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-957.21.3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-doc-3.10.0-957.21.3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-957.21.3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-957.21.3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-957.21.3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-957.21.3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-957.21.3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-957.21.3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-957.21.3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", 
reference:\"kernel-tools-libs-3.10.0-957.21.3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-957.21.3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-3.10.0-957.21.3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-957.21.3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-957.21.3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-957.21.3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-3.10.0-957.21.3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-957.21.3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-957.21.3.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-957.21.3.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-03-01T05:13:35", "description": "Description of changes:\n\n[2.6.39-400.312.2.el6uek]\n- tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Eric Dumazet) \n[Orabug: 29886601] {CVE-2019-11477}\n- tcp: add tcp_min_snd_mss sysctl (Eric Dumazet) [Orabug: 29884308] \n{CVE-2019-11479}\n- tcp: tcp_fragment() should apply sane memory limits (Eric Dumazet) \n[Orabug: 29884308] {CVE-2019-11478}\n- tcp: fix fack_count accounting on tcp_shift_skb_data() (Joao Martins) \n[Orabug: 
29890843] {CVE-2019-11477}\n- tcp: limit payload size of sacked skbs (Eric Dumazet) [Orabug: \n29884308] {CVE-2019-11477}", "edition": 19, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-06-18T00:00:00", "title": "Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2019-4689) (SACK Panic) (SACK Slowness)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-11479"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "id": "ORACLELINUX_ELSA-2019-4689.NASL", "href": "https://www.tenable.com/plugins/nessus/125966", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4689.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125966);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2020/01/10\");\n\n script_cve_id(\"CVE-2019-11477\", \"CVE-2019-11478\", \"CVE-2019-11479\");\n\n script_name(english:\"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2019-4689) (SACK Panic) (SACK Slowness)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[2.6.39-400.312.2.el6uek]\n- tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Eric Dumazet) \n[Orabug: 29886601] {CVE-2019-11477}\n- tcp: add tcp_min_snd_mss sysctl (Eric Dumazet) [Orabug: 29884308] \n{CVE-2019-11479}\n- tcp: tcp_fragment() should apply sane memory 
limits (Eric Dumazet) \n[Orabug: 29884308] {CVE-2019-11478}\n- tcp: fix fack_count accounting on tcp_shift_skb_data() (Joao Martins) \n[Orabug: 29890843] {CVE-2019-11477}\n- tcp: limit payload size of sacked skbs (Eric Dumazet) [Orabug: \n29884308] {CVE-2019-11477}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-June/008835.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", 
value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-11477\", \"CVE-2019-11478\", \"CVE-2019-11479\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2019-4689\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-2.6.39-400.312.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-2.6.39-400.312.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-devel-2.6.39-400.312.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-devel-2.6.39-400.312.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-doc-2.6.39-400.312.2.el6uek\")) flag++;\nif 
(rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-firmware-2.6.39-400.312.2.el6uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-08-19T20:37:57", "description": "The remote host is running a version of RancherOS prior to v1.5.3, hence\nis exposed to multiple vulnerabilities:\n\n\n - Linux Kernel is prone to a remote integer-overflow vulnerability.\n An attacker can exploit this issue to cause denial-of-service\n conditions. (CVE-2019-11477)\n\n - RancherOS is vulnerable to a denial of service; by crafting a\n sequence of SACKs, an attacker can cause fragmentation of the\n TCP transmission queue, leading to higher resource use. \n (CVE-2019-11478)\n\n - Linux kernel default MSS is hard-coded to 48 bytes. This allows\n a remote peer to fragment TCP resend queues significantly more\n than if a larger MSS were enforced. A remote attacker could use\n this to cause a denial of service. 
(CVE-2019-11479)", "edition": 12, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-12-19T00:00:00", "title": "RancherOS < 1.5.3 Multiple Vulnerabilities (SACK Panic)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-11479"], "modified": "2019-12-19T00:00:00", "cpe": ["cpe:/o:rancher:rancheros"], "id": "RANCHEROS_1_5_3.NASL", "href": "https://www.tenable.com/plugins/nessus/132257", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# @NOAGENT@\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132257);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/19\");\n\n script_cve_id(\"CVE-2019-11477\", \"CVE-2019-11478\", \"CVE-2019-11479\");\n script_bugtraq_id(108798, 108801, 108818);\n\n script_name(english:\"RancherOS < 1.5.3 Multiple Vulnerabilities (SACK Panic)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of RancherOS prior to v1.5.3, hence\nis exposed to multiple vulnerabilities:\n\n\n - Linux Kernel is prone to a remote integer-overflow vulnerability.\n An attacker can exploit this issue to cause denial-of-service\n conditions. (CVE-2019-11477)\n\n - RancherOS is vulnerable to a denial of service; by crafting a\n sequence of SACKs, an attacker can cause fragmentation of the\n TCP transmission queue, leading to higher resource use. \n (CVE-2019-11478)\n\n - Linux kernel default MSS is hard-coded to 48 bytes. This allows\n a remote peer to fragment TCP resend queues significantly more\n than if a larger MSS were enforced. A remote attacker could use\n this to cause a denial of service. 
(CVE-2019-11479)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://rancher.com/docs/os/v1.x/en/about/security/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/rancher/os/releases/tag/v1.5.3\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lwn.net/Articles/791409/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to RancherOS v1.5.3 or later\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11477\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rancher:rancheros\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint_linux_distro.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RancherOS/version\", \"Host/RancherOS\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\n# Fix version is v1.5.3\nfix_version = '1.5.3';\nos = get_kb_item('Host/RancherOS');\n\nif (!os) audit(AUDIT_OS_NOT, 'RancherOS');\n\nos_ver = get_kb_item('Host/RancherOS/version');\nif (!os_ver)\n{\n exit(1, 'Could not determine the RancherOS version');\n}\n\nmatch = pregmatch(pattern:\"v([0-9\\.]+)\", string:os_ver);\n\nif (!isnull(match))\n{ \n version = match[1]; \n if (ver_compare(ver:version, fix:fix_version, strict:TRUE) == -1)\n {\n security_report_v4(\n port:0,\n severity:SECURITY_HOLE,\n extra:\n '\\n Installed version : ' + os_ver +\n '\\n Fixed version : v' + fix_version +\n '\\n'\n );\n }\n}\n\naudit(AUDIT_INST_VER_NOT_VULN, 'RancherOS', os_ver);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-03-01T05:20:24", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Add CVE numbers for CVE-2019-11477 CVE-2019-11478\n CVE-2019-11479 (Chuck Anderson) [Orabug: 29890820]\n (CVE-2019-11477) (CVE-2019-11478) (CVE-2019-11479)\n (CVE-2019-11477) (CVE-2019-11478) (CVE-2019-11479)\n\n - tcp: fix fack_count accounting on tcp_shift_skb_data\n (Joao Martins) [Orabug: 29890820]\n\n - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing (Eric\n Dumazet) [Orabug: 29886598]\n\n - tcp: add tcp_min_snd_mss sysctl (Eric Dumazet) [Orabug:\n 29884306]\n\n - tcp: tcp_fragment should apply sane memory limits (Eric\n Dumazet) [Orabug: 29884306]\n\n - tcp: limit payload size of sacked skbs (Eric Dumazet)\n [Orabug: 29884306]", "edition": 19, "cvss3": {"score": 7.5, "vector": 
"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-06-19T00:00:00", "title": "OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0026) (SACK Panic) (SACK Slowness)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-11479"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:oracle:vm_server:3.4", "p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware"], "id": "ORACLEVM_OVMSA-2019-0026.NASL", "href": "https://www.tenable.com/plugins/nessus/126020", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2019-0026.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126020);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/10\");\n\n script_cve_id(\"CVE-2019-11477\", \"CVE-2019-11478\", \"CVE-2019-11479\");\n\n script_name(english:\"OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0026) (SACK Panic) (SACK Slowness)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Add CVE numbers for CVE-2019-11477 CVE-2019-11478\n CVE-2019-11479 (Chuck Anderson) [Orabug: 29890820]\n (CVE-2019-11477) (CVE-2019-11478) (CVE-2019-11479)\n (CVE-2019-11477) (CVE-2019-11478) (CVE-2019-11479)\n\n - tcp: fix fack_count accounting on tcp_shift_skb_data\n (Joao Martins) [Orabug: 29890820]\n\n - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing (Eric\n Dumazet) [Orabug: 29886598]\n\n - tcp: add tcp_min_snd_mss sysctl (Eric Dumazet) [Orabug:\n 29884306]\n\n - tcp: tcp_fragment should apply sane memory limits (Eric\n Dumazet) [Orabug: 29884306]\n\n - tcp: limit payload size of 
sacked skbs (Eric Dumazet)\n [Orabug: 29884306]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2019-June/000945.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/19\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-4.1.12-124.28.3.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-firmware-4.1.12-124.28.3.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-03-01T02:36:34", "description": "Update to v5.1.11\n\n - Fixes CVE-2019-11477\n\n - Fixes CVE-2019-11479\n\n - Fixes CVE-2019-11478\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much 
as\npossible without introducing additional issues.", "edition": 19, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-06-19T00:00:00", "title": "Fedora 30 : kernel / kernel-headers (2019-6c3d89b3d0) (SACK Panic) (SACK Slowness)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-11479"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:30", "p-cpe:/a:fedoraproject:fedora:kernel-headers"], "id": "FEDORA_2019-6C3D89B3D0.NASL", "href": "https://www.tenable.com/plugins/nessus/126016", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-6c3d89b3d0.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126016);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/10\");\n\n script_cve_id(\"CVE-2019-11477\", \"CVE-2019-11478\", \"CVE-2019-11479\");\n script_xref(name:\"FEDORA\", value:\"2019-6c3d89b3d0\");\n\n script_name(english:\"Fedora 30 : kernel / kernel-headers (2019-6c3d89b3d0) (SACK Panic) (SACK Slowness)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to v5.1.11\n\n - Fixes CVE-2019-11477\n\n - Fixes CVE-2019-11479\n\n - Fixes CVE-2019-11478\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-6c3d89b3d0\"\n );\n 
script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel and / or kernel-headers packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/19\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-11477\", \"CVE-2019-11478\", \"CVE-2019-11479\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2019-6c3d89b3d0\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"kernel-5.1.11-300.fc30\")) flag++;\nif (rpm_check(release:\"FC30\", reference:\"kernel-headers-5.1.11-300.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / 
kernel-headers\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "threatpost": [{"lastseen": "2020-04-11T11:44:51", "bulletinFamily": "info", "cvelist": ["CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-5599"], "description": "Multiple TCP-based remote denial-of-service vulnerabilities have been uncovered in the FreeBSD and Linux kernels by Netflix researchers. Exploitation would interrupt TCP connections and therefore streaming content flows to vulnerable Linux-based PCs (putting a crimp in binge-watching, for instance). Attackers could also disable connections to vulnerable Linux-powered internet of things gadgets, taking them offline.\n\nFirst up, three related denial-of-service (DoS) flaws were found in the Linux kernel\u2019s handling of TCP networking. The first two are related to TCP Selective Acknowledgement (SACK) packets combined with the Maximum Segment Size parameter, and the third solely with the Maximum Segment Size parameter, according to an advisory issued Monday.\n\nThe most severe vulnerability ([CVE-2019-11477](<https://access.redhat.com/security/cve/CVE-2019-11477>), dubbed SACK Panic) impacts Linux kernel versions 2.6.29 and above. It could allow a remote attacker to trigger a kernel panic in systems running the affected software and, as a result, impact the system\u2019s availability.\n\n\u201cA sequence of SACKs may be crafted such that one can trigger an integer overflow, leading to a kernel panic,\u201d Netflix noted [in its advisory](<https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md>), posted Monday.\n\n\u201cKernel panic is a [fatal error](<https://www.computerhope.com/jargon/k/kernel-panic.htm>) from which the OS cannot quickly or easily recover,\u201d according to a Trend Micro write-up on Tuesday. 
\u201cAn OS in panic displays an error message on the computer screen and writes the kernel memory\u2019s contents to the disk for later debugging. All CPU operation will then be halted.\u201d\n\nThe PATCH_net_1_4.patch mitigates the issue; additionally, versions of the Linux kernel up to, and including, 4.14 require a second patch, PATCH_net_1a.patch.\n\nAnother issue, [CVE-2019-11478](<http://access.redhat.com/security/cve/CVE-2019-11478>), causes SACK slowness in Linux versions below 4.15, or excess resource usage (all Linux versions are impacted). PATCH_net_2_4.patch addresses the issue.\n\n\u201cIt is possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue,\u201d Netflix explained. \u201cOn Linux kernels prior to 4.15, an attacker may be able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection.\u201d\n\nAnd finally, [CVE-2019-11479](<http://access.redhat.com/security/cve/CVE-2019-11479>) causes excess resource consumption due to low MSS values in all Linux versions.\n\n\u201cAn attacker can force the Linux kernel to segment its responses into multiple TCP segments, each of which contains only 8 bytes of data,\u201d Netflix explained. \u201cThis drastically increases the bandwidth required to deliver the same amount of data. Further, it consumes additional resources (CPU and NIC processing power). 
This attack requires continued effort from the attacker and the impacts will end shortly after the attacker stops sending traffic.\u201d\n\nTwo patches, PATCH_net_3_4.patch and PATCH_net_4_4.patch, which add a feature that lets an administrator enforce a minimum MSS appropriate for their applications, address the bug.\n\nAs workarounds for all three issues, users can also disable SACK processing altogether, or block connections with a low MSS using one of the supplied filters.\n\n\u201cNote that these filters may break legitimate connections which rely on a low MSS,\u201d according to the advisory. \u201cAlso, note that this mitigation is only effective if TCP probing is disabled (that is, the net.ipv4.tcp_mtu_probing sysctl is set to 0, which appears to be the default value for that sysctl).\u201d\n\nMeanwhile a fourth issue, [CVE-2019-5599](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5599>), causes SACK slowness in FreeBSD 12 if using the RACK TCP Stack.\n\n\u201cIt is possible to send a crafted sequence of SACKs which will fragment the RACK send map,\u201d Netflix researchers noted. \u201cAn attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection.\u201d\n\nAs a workaround, users can apply the split_limit.patch, which allows them to set a reasonable value to limit the size of the SACK table. 
They could also temporarily disable the RACK TCP stack.\n\n\u201cGood system and application coding and configuration practices (limiting write buffers to the necessary level, monitoring connection memory consumption via SO_MEMINFO, and aggressively closing misbehaving connections) can help to limit the impact of attacks against these kinds of vulnerabilities,\u201d Netflix added.\n\n[Red Hat](<https://access.redhat.com/security/cve/cve-2019-11477>), [Amazon Web Services](<https://aws.amazon.com/security/security-bulletins/AWS-2019-005/>), [SUSE](<https://www.suse.com/de-de/support/kb/doc/?id=7023928>) and [Grsecurity](<https://twitter.com/grsecurity/status/1140678999410188293>) have so far posted advisories on the issues for their implementations of the kernels.\n", "modified": "2019-06-18T18:43:50", "published": "2019-06-18T18:43:50", "id": "THREATPOST:17D0F37EF6943E743BE5812F4D3D87E6", "href": "https://threatpost.com/linux-kernel-bug-pcs-iot-offline/145797/", "type": "threatpost", "title": "Linux Kernel Bug Knocks PCs, IoT Gadgets and More Offline", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "virtuozzo": [{"lastseen": "2019-11-05T11:28:13", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-3896", "CVE-2019-11479"], "description": "This update provides a new kernel 2.6.32-042stab139.1 for Virtuozzo Containers for Linux 4.7 and Server Bare Metal 5.0 based on the RHEL 6.10 kernel 
2.6.32-754.15.3.el6. The new kernel inherits security fixes for SACK-related issues in the TCP stack as well as a few improvements for the MDS vulnerability patches.\n**Vulnerability id:** CVE-2019-3896\nA double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS).\n\n**Vulnerability id:** CVE-2019-11477\nAn integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS).\n\n**Vulnerability id:** CVE-2019-11478\ntcp: excessive resource consumption while processing SACK blocks allows remote denial of service.\n\n**Vulnerability id:** CVE-2019-11479\ntcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service.\n\n", "edition": 1, "modified": "2019-06-20T00:00:00", "published": "2019-06-20T00:00:00", "id": "VZA-2019-051", "href": "https://help.virtuozzo.com/s/article/VZA-2019-051", "title": "Important kernel security update: New kernel 2.6.32-042stab139.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0", "type": "virtuozzo", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-11-05T11:27:56", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-3896", "CVE-2019-11479"], "description": "This update provides a new 
kernel 2.6.32-042stab139.1 for Virtuozzo 6.0 based on the RHEL 6.10 kernel 2.6.32-754.15.3.el6. The new kernel inherits security fixes for SACK-related issues in the TCP stack as well as a few improvements for the MDS vulnerability patches.\n**Vulnerability id:** CVE-2019-3896\nA double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS).\n\n**Vulnerability id:** CVE-2019-11477\nAn integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS).\n\n**Vulnerability id:** CVE-2019-11478\ntcp: excessive resource consumption while processing SACK blocks allows remote denial of service.\n\n**Vulnerability id:** CVE-2019-11479\ntcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service.\n\n", "edition": 1, "modified": "2019-06-20T00:00:00", "published": "2019-06-20T00:00:00", "id": "VZA-2019-052", "href": "https://help.virtuozzo.com/s/article/VZA-2019-052", "title": "Important kernel security update: New kernel 2.6.32-042stab139.1; Virtuozzo 6.0 Update 12 Hotfix 43 (6.0.12-3743)", "type": "virtuozzo", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "cert": [{"lastseen": "2020-09-18T20:41:06", "bulletinFamily": "info", "cvelist": ["CVE-2019-11477", "CVE-2019-11478", 
"CVE-2019-11479", "CVE-2019-5599"], "description": "### Overview \n\nMultiple TCP Selective Acknowledgement (SACK) and Maximum Segment Size (MSS) networking vulnerabilities may cause denial-of-service conditions in Linux and FreeBSD kernels.\n\n### Description \n\n[CVE-2019-11477](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477>): SACK Panic (Linux >= 2.6.29). A sequence of specifically crafted selective acknowledgements (SACK) may trigger an integer overflow, leading to a denial of service or possible kernel failure (panic).\n\n[CVE-2019-11478](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11478>): SACK Slowness (Linux < 4.15) or Excess Resource Usage (all Linux versions). A sequence of specifically crafted selective acknowledgements (SACK) may cause a fragmented TCP queue, with a potential result in slowness or denial of service. \n \n[CVE-2019-5599](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5599>): SACK Slowness (FreeBSD 12 using the RACK TCP Stack). The TCP loss detection algorithm, Recent ACKnowledgment (RACK), uses time and packet or sequence counts to detect losses. RACK uses linked lists to track and identify missing packets. A sequence of specifically crafted acknowledgements may cause the linked lists to grow very large, thus consuming CPU or network resources, resulting in slowness or denial of service. \n \n[CVE-2019-11479](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11479>): Excess Resource Consumption Due to Low MSS Values (all Linux versions). The default maximum segment size (MSS) is hard-coded to 48 bytes which may cause an increase of fragmented packets. This vulnerability may create a resource consumption problem in both the CPU and network interface, resulting in slowness or denial of service. 
\n \nFor detailed descriptions of these vulnerabilities, see: <https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md> \n \n--- \n \n### Impact \n\nA remote attacker could cause a kernel crash (CVE-2019-11477) or excessive resource consumption leading to a delay or denial of service. \n \n--- \n \n### Solution \n\n**Apply Patches** \nSeveral vendors have already issued patches and made efforts to contact their user base. See the vendor list below for details from specific vendors. If your vendor is not listed, please check their web pages or contact them directly. \n \n--- \n \nSeveral vendors have issued workarounds. See the vendor list below for details from specific vendors. \n \n--- \n \n### Vendor Information\n\n905115\n\n### Arch Linux __ Affected\n\nNotified: June 19, 2019 Updated: June 20, 2019 \n\n**Statement Date: June 20, 2019**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`You can find information about which packages (variants) a CVE affected \nand if (plus when) a package was fixed on our security tracker: \n \n`[`https://security.archlinux.org/CVE-2019-11477`](<https://security.archlinux.org/CVE-2019-11477>)` \n`[`https://security.archlinux.org/CVE-2019-11478`](<https://security.archlinux.org/CVE-2019-11478>)` \n`[`https://security.archlinux.org/CVE-2019-11479`](<https://security.archlinux.org/CVE-2019-11479>)` \n \nWe have also published advisories to our distro specific mailinglists \nand on the security tracker which you will find below. 
The advisories \ncontain workarounds that we recommended.`\n\n### Vendor Information \n\n`To summarize the fixed versions there: \n \nkernel: linux \naffected: 5.1.10.arch1-1 \nfixed: 5.1.11.arch1-1 \nadvisory: ``<https://security.archlinux.org/ASA-201906-13>`` \n \nkernel: linux-lts \naffected: 4.19.51-1 \nfixed: 4.19.52-1 \nadvisory: `[`https://security.archlinux.org/ASA-201906-14`](<https://security.archlinux.org/ASA-201906-14>)` \n \nkernel: linux-hardened \naffected: 4.19.52-1 \nfixed: 5.1.11.a-1 \nadvisory: `[`https://security.archlinux.org/ASA-201906-12`](<https://security.archlinux.org/ASA-201906-12>)` \n \nkernel: linux-zen \naffected: 5.1.10.zen1-1 \nfixed: 5.1.11.zen1-1 \nadvisory: `[`https://security.archlinux.org/ASA-201906-15`](<https://security.archlinux.org/ASA-201906-15>)\n\n### Vendor References\n\n * <https://security.archlinux.org/CVE-2019-11477>\n * <https://security.archlinux.org/CVE-2019-11478>\n * <https://security.archlinux.org/CVE-2019-11479>\n\n### Arista Networks, Inc. __ Affected\n\nNotified: June 19, 2019 Updated: July 08, 2019 \n\n**Statement Date: July 05, 2019**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nAffected.\n\n### Vendor Information \n\n<https://www.arista.com/en/support/advisories-notices/security-advisories/8066-security-advisory-41> which provides tracking, mitigation, and long term fix information.\n\n### Vendor References\n\n * <https://www.arista.com/en/support/advisories-notices/security-advisories/8066-security-advisory-41>\n\n### Check Point Software Technologies __ Affected\n\nUpdated: June 27, 2019 \n\n**Statement Date: June 25, 2019**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nCheck Point is vulnerable to CVE-2019-11478 and in some releases also to CVE-2019-11477. 
Check Point software is not vulnerable to CVE-2019-11479 or the FreeBSD CVEs.\n\n### Vendor Information \n\nThe vulnerability to the 2 CVEs is only relevant to traffic directed to or from the gateway or management machines. Traffic going through the gateway for inspection is not affected by the vulnerabilities and won't be affected by disabling SACK. There is a mitigation to the 2 relevant CVEs which is to disable SACK.\n\n### Vendor References\n\n * [https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk156192](<https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk156192>)\n\n### CoreOS __ Affected\n\nNotified: June 19, 2019 Updated: June 20, 2019 \n\n**Statement Date: June 19, 2019**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`These vulnerabilities were addressed in CoreOS Container Linux alpha 2163.2.1, beta 2135.3.1, and stable 2079.6.0. Previous versions of CoreOS Container Linux are affected.`\n\n### Vendor References\n\n * <https://coreos.com/releases/>\n\n### Debian GNU/Linux __ Affected\n\nNotified: June 19, 2019 Updated: June 20, 2019 \n\n**Statement Date: June 20, 2019**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`Advisory at `[`https://www.debian.org/security/2019/dsa-4465`](<https://www.debian.org/security/2019/dsa-4465>)\n\n### Vendor References\n\n * <https://security-tracker.debian.org/tracker/CVE-2019-11477>\n * <https://security-tracker.debian.org/tracker/CVE-2019-11478>\n * <https://security-tracker.debian.org/tracker/CVE-2019-11479>\n\n### FreeBSD Project __ Affected\n\nUpdated: June 20, 2019 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nUpgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.\n\n### Vendor References\n\n * <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:08.rack.asc>\n\n### Red Hat, Inc. 
Affected\n\nNotified: June 19, 2019 Updated: June 20, 2019 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://access.redhat.com/security/vulnerabilities/tcpsack>\n\n### SUSE Linux __ Affected\n\nNotified: June 19, 2019 Updated: June 20, 2019 \n\n**Statement Date: June 19, 2019**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nUpdates issued on Monday, June 17, 2019\n\n### Vendor References\n\n * <https://www.suse.com/c/suse-addresses-the-sack-panic-tcp-remote-denial-of-service-attacks/>\n * <https://www.suse.com/support/kb/doc/?id=7023928>\n\n### Synology __ Affected\n\nNotified: June 19, 2019 Updated: June 24, 2019 \n\n**Statement Date: June 21, 2019**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nSynology has confirmed our products are affected, and we have published a security advisory for your reference: \n<https://www.synology.com/security/advisory/Synology_SA_19_28>\n\n### Vendor Information \n\nCVE-2019-11477, CVE-2019-11478 and CVE-2019-11479 allow remote attackers to conduct denial-of-service attacks via a susceptible version of DiskStation Manager (DSM) or Synology Router Manager (SRM).\n\n### Vendor References\n\n * <https://www.synology.com/security/advisory/Synology_SA_19_28>\n\n### Ubuntu __ Affected\n\nNotified: June 19, 2019 Updated: June 20, 2019 \n\n**Statement Date: June 19, 2019**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`We have a KnowledgeBase page here: \n \n`[`https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic`](<https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic>)` \n \nWe released updates for CVE-2019-11477 and CVE-2019-11478. 
The corresponding Ubuntu Security Notices can be found here: \n \n`[`https://usn.ubuntu.com/4017-1/`](<https://usn.ubuntu.com/4017-1/>)` \n`[`https://usn.ubuntu.com/4017-2/`](<https://usn.ubuntu.com/4017-2/>)\n\n### Vendor Information \n\n`A set of future Ubuntu kernel updates will address the sysctl-based mitigation for CVE-2019-11479.`\n\n### Vendor References\n\n * <https://usn.ubuntu.com/4017-1/>\n * <https://usn.ubuntu.com/4017-2/>\n\n### Microsoft Not Affected\n\nNotified: June 19, 2019 Updated: June 27, 2019 \n\n**Statement Date: June 27, 2019**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Alpine Linux Unknown\n\nNotified: June 19, 2019 Updated: June 19, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Aspera Inc. 
Unknown\n\nNotified: June 19, 2019 Updated: June 19, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Fedora Project Unknown\n\nNotified: June 19, 2019 Updated: June 19, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Geexbox Unknown\n\nNotified: June 19, 2019 Updated: June 19, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Gentoo Linux Unknown\n\nNotified: June 19, 2019 Updated: June 19, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Marconi, Inc. 
Unknown\n\nNotified: June 19, 2019 Updated: June 19, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Micro Focus Unknown\n\nNotified: June 19, 2019 Updated: June 19, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Openwall GNU/*/Linux Unknown\n\nNotified: June 19, 2019 Updated: June 19, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Slackware Linux Inc. Unknown\n\nNotified: June 19, 2019 Updated: June 19, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Tizen Unknown\n\nNotified: June 19, 2019 Updated: June 19, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Turbolinux Unknown\n\nNotified: June 19, 2019 Updated: June 19, 2019 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 5.3 | AV:N/AC:L/Au:--/C:C/I:C/A:C \nTemporal | 5 | E:ND/RL:W/RC:C \nEnvironmental | 5.0 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND \n \n \n\n\n### References \n\n * 
<https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md>\n * <https://access.redhat.com/security/vulnerabilities/tcpsack>\n * <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477>\n * <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11478>\n * <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11479>\n * <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5599>\n\n### Acknowledgements\n\nJonathan Looney (Netflix Information Security)\n\nThis document was written by Laurie Tyzenhaus.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2019-11477](<http://web.nvd.nist.gov/vuln/detail/CVE-2019-11477>), [CVE-2019-11478](<http://web.nvd.nist.gov/vuln/detail/CVE-2019-11478>), [CVE-2019-11479](<http://web.nvd.nist.gov/vuln/detail/CVE-2019-11479>), [CVE-2019-5599](<http://web.nvd.nist.gov/vuln/detail/CVE-2019-5599>) \n---|--- \n**Date Public:** | 2019-06-17 \n**Date First Published:** | 2019-06-20 \n**Date Last Updated: ** | 2019-07-08 14:21 UTC \n**Document Revision: ** | 18 \n", "modified": "2019-07-08T14:21:00", "published": "2019-06-20T00:00:00", "id": "VU:905115", "href": "https://www.kb.cert.org/vuls/id/905115", "type": "cert", "title": "Multiple TCP Selective Acknowledgement (SACK) and Maximum Segment Size (MSS) networking vulnerabilities may cause denial-of-service conditions in Linux and FreeBSD kernels", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "paloalto": [{"lastseen": "2019-07-02T14:32:15", "bulletinFamily": "software", "cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-5599", "CVE-2019-11479"], "description": "Palo Alto Networks is aware of recent vulnerability disclosures known as TCP SACK Panic vulnerabilities. 
(Ref: PAN-119745/ CVE-2019-11477, CVE-2019-11478, CVE-2019-11479)\n", "edition": 2, "modified": "2019-06-28T00:00:00", "published": "2019-06-27T00:00:00", "id": "PAN-SA-2019-0013", "href": "https://securityadvisories.paloaltonetworks.com/Home/Detail/151", "title": "Information about TCP SACK Panic Findings in PAN-OS", "type": "paloalto", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "ics": [{"lastseen": "2021-02-27T19:48:41", "bulletinFamily": "info", "cvelist": ["CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-8460"], "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 7.5**\n * **ATTENTION:** Exploitable remotely/low skill level to exploit\n * **Vendor: **Siemens\n * **Equipment: **Industrial Products\n * **Vulnerabilities: **Excessive Data Query Operations in a Large Data Table, Integer Overflow or Wraparound, Uncontrolled Resource Consumption\n\n## 2\\. UPDATE INFORMATION\n\nThis updated advisory is a follow-up to the updated advisory titled ICSA-19-253-03 Siemens Industrial Products (Update J) that was published October 13, 2020, to the ICS webpage on us-cert.gov.\n\n## 3\\. RISK EVALUATION\n\nSuccessful exploitation of these vulnerabilities could cause denial-of-service condition.\n\n## 4\\. 
TECHNICAL DETAILS\n\n### 4.1 AFFECTED PRODUCTS\n\nSiemens reports the vulnerabilities affect the following industrial products:\n\n * CloudConnect 712: All versions prior to 1.1.5\n * ROX II: All versions prior to 2.13.3 (Only vulnerable to CVE-2019-11479)\n * RUGGEDCOM APE 1404 Linux: All versions prior to Debian 9 Linux Image 2019-12-13 (only affected by CVE-2019-11479)\n * RUGGEDCOM RM1224: All versions prior to 6.2\n * RUGGEDCOM RX 1400 VPE Debian Linux: All versions prior to Debian 9 Linux Image 2019-12-13 (only affected by CVE-2019-11479)\n * RUGGEDCOM RX 1400 VPE Linux CloudConnect: All versions prior to Debian 9 Linux Image 2019-12-13 13 (only affected by CVE-2019-11479)\n * SCALANCE M800 / S615: All versions prior to 6.2\n * SCALANCE M875: All versions\n * SCALANCE SC-600: All versions prior to 2.0.1\n * SCALANCE W1700: All versions prior to 2.0\n * SCALANCE W-700 (IEEE 802.11n): All versions prior to 6.4\n * SCALANCE WLC711: All versions\n * SCALANCE WLC712: All versions\n * SIMATIC CM 1542-1: All versions\n * SIMATIC ITC1500: All versions\n * SIMATIC ITC1500 PRO: All versions\n * SIMATIC ITC1900: All versions\n * SIMATIC ITC1900 PRO: All versions\n * SIMATIC ITC2200: All versions\n * SIMATIC ITC2200 PRO: All versions\n * SCALANCE W1750D: All versions prior to 8.6.0\n * SIMATIC MV500: All versions prior to 2.1\n * SIMATIC NET CP 1242-7: All versions prior to 3.2\n * SIMATIC NET CP 1243-1 (incl. SIPLUS NET variants): All versions prior to 3.2\n * SIMATIC NET CP 1243-7 LTE EU: All versions prior to 3.2\n * SIMATIC NET CP 1243-7 LTE US: All versions prior to 3.2\n * SIMATIC NET CP 1243-8 IRC: All versions prior to 3.2\n * SIMATIC NET CP 1542SP-1: All versions prior to 2.1\n * SIMATIC NET CP 1542SP-1 IRC (incl. SIPLUS NET variants): All versions prior to 2.1\n * SIMATIC NET CP 1543-1 (incl. SIPLUS NET variants): All versions prior to 2.2\n * SIMATIC NET CP 1543SP-1 (incl. 
SIPLUS NET variants): All versions prior to 2.1\n * SIMATIC NET CP 1623: All versions (only affected by CVE-2019-8460)\n * SIMATIC NET CP 1628: All versions (only affected by CVE-2019-8460)\n * SIMATIC NET CP 343-1 Advanced (incl. SIPLUS NET variants): All versions (only affected by CVE-2019-8460)\n * SIMATIC NET CP 442-1 RNA: All versions (only affected by CVE-2019-8460)\n * SIMATIC NET CP 443-1 (incl. SIPLUS NET variants): All versions (only affected by CVE-2019-8460)\n * SIMATIC NET CP 443-1 Advanced (incl. SIPLUS NET variants): All versions (only affected by CVE-2019-8460)\n * SIMATIC NET CP 443-1 OPC UA: All versions (only affected by CVE-2019-8460)\n * SIMATIC NET CP 443-1 RNA: All versions (only affected by CVE-2019-8460)\n * SIMATIC RF185C: All versions prior to 1.3\n * SIMATIC RF186C: All versions prior to 1.3\n * SIMATIC RF186CI: All versions prior to 1.3\n * SIMATIC RF188C: All versions prior to 1.3\n * SIMATIC RF188CI: All versions prior to 1.3\n * SIMATIC RF600R: All versions\n\n**\\--------- Begin Update K Part 1 of 2 ---------**\n\n * SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (MLFB: 6ES7518-4AX00-1AC0, 6AG1518-4AX00-4AC0, incl. SIPLUS variant): All versions prior to 2.8.4\n * SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (MLFB: 6ES7518-4FX00-1AC0): All versions prior to 2.8.4\n\n**\\--------- End Update K Part 1 of 2 ---------**\n\n * SIMATIC Teleserver Adapter IE Advanced: All versions\n * SIMATIC Teleserver Adapter IE Basic: All versions\n * SINEMA Remote Connect Server: All versions prior to 2.1\n * SINUMERIK 808D: All versions prior to 4.92\n * SINUMERIK 828D: All versions prior to 4.8 SP5\n * SINUMERIK 840D sl: All versions prior to 4.8 SP5\n * TIM 1531 IRC (incl. 
SIPLUS NET variants): All versions prior to 2.1\n\n### 4.2 VULNERABILITY OVERVIEW\n\n#### 4.2.1 [EXCESSIVE DATA QUERY OPERATIONS IN A LARGE DATA TABLE CWE-1049](<https://cwe.mitre.org/data/definitions/1049.html>)\n\nThe kernel can be forced to make very expensive calls for every incoming TCP Selective Acknowledgement (SACK) packet which can lead to a denial-of-service condition.\n\n[CVE-2019-8460](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8460>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).\n\n#### 4.2.2 [INTEGER OVERFLOW OR WRAPAROUND CWE-190](<https://cwe.mitre.org/data/definitions/190.html>)\n\nThe kernel is affected by an integer overflow when handling TCP Selective Acknowledgements, which could allow a remote attacker to cause a denial-of-service condition.\n\n[CVE-2019-11477](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11477>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).\n\n#### 4.2.3 [UNCONTROLLED RESOURCE CONSUMPTION ('RESOURCE EXHAUSTION') CWE-400](<https://cwe.mitre.org/data/definitions/400.html>)\n\nA remote attacker sending specially crafted TCP Selective Acknowledgment (SACK) sequences may cause a denial-of-service condition.\n\n[CVE-2019-11478](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11478>) has been assigned to this vulnerability. 
A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L>)).\n\n#### 4.2.4 [UNCONTROLLED RESOURCE CONSUMPTION ('RESOURCE EXHAUSTION') CWE-400](<https://cwe.mitre.org/data/definitions/400.html>)\n\nAn attacker may exploit a vulnerability in the kernel's TCP retransmission queue implementation when handling TCP Selective Acknowledgements (SACK) to cause a denial-of-service condition.\n\n[CVE-2019-11479](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11479>) has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L>)).\n\n### 4.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS:** Chemical, Critical Manufacturing, Energy, Food and Agriculture, Water and Wastewater Systems\n * **COUNTRIES/AREAS DEPLOYED:** Worldwide\n * **COMPANY HEADQUARTERS LOCATION:** Germany\n\n### 4.4 RESEARCHER\n\nSiemens reported these vulnerabilities to CISA.\n\n## 5\\. MITIGATIONS\n\nSiemens recommends users follow the specific workarounds and mitigations below. 
Siemens has also released fixes for the following products:\n\n * CloudConnect 712: [Update to v1.1.5](<https://support.industry.siemens.com/cs/ww/en/view/109769636>)\n * ROX II: [Update to v2.13.3](<https://support.industry.siemens.com/cs/document/109778537>) (Only vulnerable to CVE-2019-11479)\n * RUGGEDCOM APE 1404 Linux: [Apply the latest available Debian patches](<https://support.industry.siemens.com/cs/document/109773487>)\n * RUGGEDCOM RM1224: [Update to v6.2 or later](<https://support.industry.siemens.com/cs/document/109778305>)\n * RUGGEDCOM RX1400 VPE Debian Linux: [Apply the latest available Debian patches in the VPE](<https://support.industry.siemens.com/cs/document/109773485>)\n * RUGGEDCOM RX1400 VPE Linux CloudConnect: [Apply the latest available Debian patches in the VPE or apply the latest CloudConnect VPE Linux image](<https://support.industry.siemens.com/cs/document/109773486>)\n * SCALANCE M800: [Update to v6.2 or later](<https://support.industry.siemens.com/cs/document/109778305>)\n * SCALANCE S615: [Update to v6.2 or later](<https://support.industry.siemens.com/cs/document/109778305>)\n * SCALANCE M875: Upgrade hardware to SCALANCE M876-4 or RUGGEDCOM RM1224 and apply patches when available\n * SCALANCE SC-600: [Update to v2.0.1](<https://support.industry.siemens.com/cs/ww/en/view/109769665>)\n * SCALANCE W1700: [Update to v2.0 or later](<https://support.industry.siemens.com/cs/document/109773734>)\n * SCALANCE W700 (IEEE 802.11n): [Update to v6.4 or newer](<https://support.industry.siemens.com/cs/ww/en/view/109773308>)\n * SCALANCE W1750D: [Update to v8.6.0 or later](<https://support.industry.siemens.com/cs/ww/en/view/109778052>)\n * SIMATIC MV500: [Update to v2.1 or later](<https://support.industry.siemens.com/cs/ww/en/view/109781769>)\n * SIMATIC NET CP 1242-7: Update to v3.2 or later\n * SIMATIC NET CP 1243-1 (incl. 
SIPLUS NET variants): [Update to v3.2 or later](<https://support.industry.siemens.com/cs/document/109775640>)\n * SIMATIC NET CP 1243-7 LTE EU: [Update to v3.2 or later](<https://support.industry.siemens.com/cs/document/109775640>)\n * SIMATIC NET CP 1243-7 LTE US: [Update to v3.2 or later](<https://support.industry.siemens.com/cs/document/109775640>)\n * SIMATIC NET CP 1243-8 IRC: [Update to v3.2 or later](<https://support.industry.siemens.com/cs/document/109775640>)\n * SIMATIC NET CP 1542SP-1: [Update to v2.1 or later](<https://support.industry.siemens.com/cs/document/109774207/>)\n * SIMATIC NET CP 1542SP-1 IRC (incl. SIPLUS NET variants): [Update to v2.1 or later](<https://support.industry.siemens.com/cs/document/109774207/>)\n * SIMATIC NET CP 1543-1 (incl. SIPLUS NET variants): [Update to v2.2 or later](<https://support.industry.siemens.com/cs/document/109775642>)\n * SIMATIC NET CP 1543SP-1 (incl. SIPLUS NET variants): [Update to v2.1 or later](<https://support.industry.siemens.com/cs/document/109774207/>)\n * SIMATIC RF185C: [Update to v1.3 or later](<https://support.industry.siemens.com/cs/ww/en/view/109781665>)\n * SIMATIC RF186C: [Update to v1.3 or later](<https://support.industry.siemens.com/cs/ww/en/view/109781665>)\n * SIMATIC RF186CI: [Update to v1.3 or later](<https://support.industry.siemens.com/cs/ww/en/view/109781665>)\n * SIMATIC RF188C: [Update to v1.3 or later](<https://support.industry.siemens.com/cs/ww/en/view/109781665>)\n * SIMATIC RF188CI: [Update to v1.3 or later](<https://support.industry.siemens.com/cs/ww/en/view/109781665>)\n\n**\\--------- Begin Update K Part 2 of 2 ---------**\n\n * SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (MLFB: 6ES7518-4AX00-1AC0, 6AG1518-4AX00-4AC0, incl. 
SIPLUS variant): [Update to v2.8.4](<https://support.industry.siemens.com/cs/ww/en/view/109761490>)\n * SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (MLFB: 6ES7518-4FX00-1AC0): [Update to v2.8.4](<https://support.industry.siemens.com/cs/ww/en/view/109761495>)\n\n**\\--------- End Update K Part 2 of 2 ---------**\n\n * SINEMA Remote Connect Server: [Update to v2.1](<https://support.industry.siemens.com/cs/ww/en/view/109777247>)\n * SINUMERIK 808D: Update to v4.92. The update can be obtained from a Siemens representative or via Siemens customer service.\n * SINUMERIK 828D/840D sl: Update to v4.8 SP5. The update can be obtained from a Siemens representative or via Siemens customer service.\n * TIM 1531 IRC (incl. SIPLUS NET variants): [Update to v2.1 or later](<https://support.industry.siemens.com/cs/document/109774204>)\n\nSiemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:\n\n * Restrict network access to affected devices\n * Apply defense-in-depth\n * For SIMATIC Teleservice Adapters (IE Basic, IE Advanced): migrate to a successor product within the SCALANCE M-800 family. For details refer to the [notice of discontinuation](<https://support.industry.siemens.com/cs/ww/en/view/109781070>).\n\nAs a general security measure, Siemens strongly recommends users protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends users configure the environment according to Siemens\u2019 [operational guidelines for industrial security](<https://www.siemens.com/cert/operational-guidelines-industrial-security>), and follow the recommendations in the product manuals. 
Additional information on industrial security by Siemens can be found at: <https://www.siemens.com/industrialsecurity>\n\nFor more information, please see Siemens Security Advisory [SSA-462066](<http://www.siemens.com/cert/advisories>)\n\nCISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are [not accessible from the Internet](<https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01>).\n * Locate control system networks and remote devices behind firewalls and isolate them from the business network.\n * When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. \n \nCISA also provides a section for [control systems security recommended practices](<https://us-cert.cisa.gov/ics/recommended-practices>) on the ICS webpage on [us-cert.gov](<https://us-cert.cisa.gov/ics>). Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the [ICS webpage on us-cert.gov](<https://us-cert.cisa.gov/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B>). 
\n \nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.\n\nNo known public exploits specifically target these vulnerabilities.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n", "modified": "2020-12-08T00:00:00", "published": "2020-12-08T00:00:00", "id": "ICSA-19-253-03", "href": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03", "type": "ics", "title": "Siemens Industrial Products (Update K)", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "zdt": [{"lastseen": "2019-06-19T01:54:13", "description": "Netflix has identified several TCP networking vulnerabilities in FreeBSD and Linux kernels. The vulnerabilities specifically relate to the minimum segment size (MSS) and TCP Selective Acknowledgement (SACK) capabilities. The most serious, dubbed _\"SACK Panic_,\" allows a remotely-triggered kernel panic on recent Linux kernels. There are patches that address most of these vulnerabilities. 
If patches can not be applied, certain mitigations will be effective.", "edition": 1, "published": "2019-06-19T00:00:00", "title": "Linux / #FreeBSD #TCP-Based Denial Of Service Vulnerability", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2019-11478", "CVE-2019-11477", "CVE-2019-5599", "CVE-2019-11479"], "modified": "2019-06-19T00:00:00", "id": "1337DAY-ID-32884", "href": "https://0day.today/exploit/description/32884", "sourceData": "###### Title: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service vulnerabilities\r\n\r\n###### Release Date: 2019-06-17\r\n\r\n###### Severity: Critical\r\n\r\n### Overview:\r\n\r\nNetflix has identified several TCP networking vulnerabilities in FreeBSD and Linux kernels.\r\n\r\nThe vulnerabilities specifically relate to the minimum segment size (MSS) and TCP Selective Acknowledgement (SACK) capabilities. The most serious, dubbed _\u201cSACK Panic_,\u201d allows a remotely-triggered kernel panic on recent Linux kernels.\r\n\r\nThere are patches that address most of these vulnerabilities. If patches can not be applied, certain mitigations will be effective. We recommend that affected parties enact one of those described below, based on their environment.\r\n\r\n### Details:\r\n\r\n#### 1: [CVE-2019-11477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477): SACK Panic (Linux >= 2.6.29)\r\n\r\n__Description:__\r\nA sequence of SACKs may be crafted such that one can trigger an integer overflow, leading to a kernel panic.\r\n\r\n__Fix:__ Apply the patch [PATCH_net_1_4.patch](2019-001/PATCH_net_1_4.patch). Additionally, versions of the Linux kernel up to, and including, 4.14 require a second patch [PATCH_net_1a.patch](2019-001/PATCH_net_1a.patch).\r\n\r\n__Workaround #1:__ Block connections with a low MSS using one of the supplied [filters](2019-001/block-low-mss/README.md). (The values in the filters are examples. You can apply a higher or lower limit, as appropriate for your environment.) 
Note that these filters may break legitimate connections which rely on a low MSS. Also, note that this mitigation is only effective if TCP probing is disabled (that is, the `net.ipv4.tcp_mtu_probing` sysctl is set to 0, which appears to be the default value for that sysctl).\r\n\r\n__Workaround #2:__ Disable SACK processing (`/proc/sys/net/ipv4/tcp_sack` set to 0).\r\n\r\n(Note that either workaround should be sufficient on its own. It is not necessary to apply both workarounds.)\r\n\r\n\r\n### 2: [CVE-2019-11478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11478): SACK Slowness (Linux < 4.15) or Excess Resource Usage (all Linux versions)\r\n\r\n__Description:__ It is possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. On Linux kernels prior to 4.15, an attacker may be able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection.\r\n\r\n__Fix:__ Apply the patch [PATCH_net_2_4.patch](2019-001/PATCH_net_2_4.patch)\r\n\r\n__Workaround #1:__ Block connections with a low MSS using one of the supplied [filters](2019-001/block-low-mss/README.md). (The values in the filters are examples. You can apply a higher or lower limit, as appropriate for your environment.) Note that these filters may break legitimate connections which rely on a low MSS. Also, note that this mitigation is only effective if TCP probing is disabled (that is, the `net.ipv4.tcp_mtu_probing` sysctl is set to 0, which appears to be the default value for that sysctl).\r\n\r\n__Workaround #2:__ Disable SACK processing (`/proc/sys/net/ipv4/tcp_sack` set to 0).\r\n\r\n(Note that either workaround should be sufficient on its own. 
It is not necessary to apply both workarounds.)\r\n\r\n\r\n### 3: [CVE-2019-5599](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5599): SACK Slowness (FreeBSD 12 using the RACK TCP Stack)\r\n\r\n__Description:__ It is possible to send a crafted sequence of SACKs which will fragment the RACK send map. An attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection.\r\n\r\n__Workaround #1:__ Apply the patch [split_limit.patch](2019-001/split_limit.patch) and set the `net.inet.tcp.rack.split_limit` sysctl to a reasonable value to limit the size of the SACK table.\r\n\r\n__Workaround #2:__ Temporarily disable the RACK TCP stack.\r\n\r\n(Note that either workaround should be sufficient on its own. It is not necessary to apply both workarounds.)\r\n\r\n\r\n### 4: [CVE-2019-11479](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11479): Excess Resource Consumption Due to Low MSS Values (all Linux versions)\r\n\r\n__Description:__ An attacker can force the Linux kernel to segment its responses into multiple TCP segments, each of which contains only 8 bytes of data. This drastically increases the bandwidth required to deliver the same amount of data. Further, it consumes additional resources (CPU and NIC processing power). This attack requires continued effort from the attacker and the impacts will end shortly after the attacker stops sending traffic.\r\n\r\n__Fix:__ Two patches [PATCH_net_3_4.patch](2019-001/PATCH_net_3_4.patch) and [PATCH_net_4_4.patch](2019-001/PATCH_net_4_4.patch) add a sysctl which enforces a minimum MSS, set by the `net.ipv4.tcp_min_snd_mss` sysctl. This lets an administrator enforce a minimum MSS appropriate for their applications.\r\n\r\n__Workaround:__ Block connections with a low MSS using one of the supplied [filters](2019-001/block-low-mss/README.md). (The values in the filters are examples. 
You can apply a higher or lower limit, as appropriate for your environment.) Note that these filters may break legitimate connections which rely on a low MSS. Also, note that this mitigation is only effective if TCP probing is disabled (that is, the `net.ipv4.tcp_mtu_probing` sysctl is set to 0, which appears to be the default value for that sysctl).\r\n\r\n\r\n### Note:\r\nGood system and application coding and configuration practices (limiting write buffers to the necessary level, monitoring connection memory consumption via SO_MEMINFO, and aggressively closing misbehaving connections) can help to limit the impact of attacks against these kinds of vulnerabilities.\r\n\r\n\r\n## Acknowledgments:\r\nOriginally reported by Jonathan Looney.\r\n\r\nWe thank Eric Dumazet for providing Linux fixes and support.\r\n\r\nWe thank Bruce Curtis for providing the Linux filters.\r\n\r\nWe thank Jonathan Lemon and Alexey Kodanev for helping to improve the Linux patches.\r\n\r\nWe gratefully acknowledge the assistance of Tyler Hicks in testing fixes, refining the information about vulnerable versions, and providing assistance during the disclosure process.\n\n# 0day.today [2019-06-19] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/32884"}]}