Lucene search

HistorySep 25, 2019 - 12:00 a.m.

Palo Alto Networks PAN-OS 7.1.x < 7.1.24 / 8.0.x < 8.0.19 / 8.1.x < 8.1.8-h5 / 9.0.x < 9.0.2-h4 Multiple Vulnerabilities

2019-09-2500:00:00

www.tenable.com

The version of Palo Alto Networks PAN-OS running on the remote host is 7.1.x prior to 7.1.24 or 8.0.x prior to 8.0.19 or 8.1.x prior to 8.1.8-h5 or 9.0.x prior to 9.0.2-h4. It is, therefore, affected by multiple vulnerabilities.

An integer overflow condition exists in Linux kernel’s networking subsystem processed TCP Selective Acknowledgment (SACK) segments. An unauthenticated, remote attacker can exploit this, via by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS) to cause a crash Linux kernel.(CVE-2019-11477)
An excessive resource consumption flaw was found in the Linux kernel’s networking subsystem processed TCP Selective Acknowledgment (SACK) segments. An unauthenticated, remote attacker can exploit this, via by sending a crafted sequence of SACK segments on a TCP connection, to cause a denial of service condition. (CVE-2019-11478)
An excessive resource consumption flaw was found in the Linux kernel’s networking subsystem processed TCP segments.
An unauthenticated, remote attacker can exploit this, via repeatedly sending network traffic on TCP connection with low TCP MSS, resulting in a denial of service (Dos). (CVE-2019-11479)

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(129302);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");

  script_cve_id("CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479");
  script_bugtraq_id(108798, 108801, 108818);
  script_xref(name:"CEA-ID", value:"CEA-2019-0456");

  script_name(english:"Palo Alto Networks PAN-OS 7.1.x < 7.1.24 / 8.0.x < 8.0.19 / 8.1.x < 8.1.8-h5 / 9.0.x < 9.0.2-h4 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote PAN-OS host is affected by multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"The version of Palo Alto Networks PAN-OS running on the remote host is 7.1.x prior to 7.1.24 or 8.0.x prior to 8.0.19 or
8.1.x prior to 8.1.8-h5 or 9.0.x prior to 9.0.2-h4. It is, therefore, affected by  multiple vulnerabilities.

- An integer overflow condition exists in Linux kernel's networking subsystem processed TCP Selective Acknowledgment
  (SACK) segments. An unauthenticated, remote attacker can exploit this, via by sending a crafted sequence of SACK
  segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS) to cause a crash
  Linux kernel.(CVE-2019-11477)

- An excessive resource consumption flaw was found in the Linux kernel's networking subsystem processed TCP Selective
  Acknowledgment (SACK) segments. An unauthenticated, remote attacker can exploit this, via by sending a crafted
  sequence of SACK segments on a TCP connection, to cause a denial of service condition. (CVE-2019-11478)

- An excessive resource consumption flaw was found in the Linux kernel's networking subsystem processed TCP segments.
  An unauthenticated, remote attacker can exploit this, via repeatedly sending network traffic on TCP connection with
  low TCP MSS, resulting in a denial of service (Dos). (CVE-2019-11479)");
  script_set_attribute(attribute:"see_also", value:"https://securityadvisories.paloaltonetworks.com/Home/Detail/151");
  script_set_attribute(attribute:"solution", value:
"Upgrade to PAN-OS 7.1.24 / 8.0.19 / 8.1.8-h5 / 9.0.2-h4 or later");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11477");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/06/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/25");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:paloaltonetworks:pan-os");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Palo Alto Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("palo_alto_version.nbin");
  script_require_keys("Host/Palo_Alto/Firewall/Version", "Host/Palo_Alto/Firewall/Full_Version");

  exit(0);
}

include('vcf.inc');

app_name = 'Palo Alto Networks PAN-OS';

app_info = vcf::get_app_info(app:app_name, kb_ver:'Host/Palo_Alto/Firewall/Full_Version', kb_source:'Host/Palo_Alto/Firewall/Source');

constraints = [
  { 'min_version' : '7.1.0', 'max_version' : '7.1.23', 'fixed_display' : '7.1.24' },
  { 'min_version' : '8.0.0', 'max_version' : '8.0.18', 'fixed_display' : '8.0.19' },
  { 'min_version' : '8.1.0', 'max_version' : '8.1.8-h4', 'fixed_display' : '8.1.8-h5' },
  { 'min_version' : '9.0.0', 'max_version' : '9.0.2-h3', 'fixed_display' : '9.0.2-h4' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);

VendorProductVersionCPE
paloaltonetworkspan-oscpe:/o:paloaltonetworks:pan-os

Vendor	Product	Version	CPE
paloaltonetworks	pan-os		cpe:/o:paloaltonetworks:pan-os

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11478

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11479

securityadvisories.paloaltonetworks.com/Home/Detail/151

JSON

Related for PALO_ALTO_PAN-SA-2019-0013.NASL