49 matches found
Siemens Industrial Products Uncontrolled Resource Consumption (CVE-2019-11479)
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. An attacker with network access to affected products could cause a denial of service condition because of a vulnerability in the TCP retransmission queue implementation kernel when handling TCP...
Siemens Industrial Products Integer Overflow or Wraparound (CVE-2019-11477)
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The kernel used in some products is affected by an integer overflow when handling TCP Selective Acknowledgements. A remote attacker could use this to cause a denial of service. This plugin only wor...
Siemens Industrial Products Uncontrolled Resource Consumption (CVE-2019-11478)
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. A remote attacker could cause a denial of service condition by sending specially crafted TCP Selective Acknowledgment (SACK) sequences to affected products. This plugin only works with Tenable.ot...
Siemens Industrial Products Excessive Data Query Operations in a Large Data Table (CVE-2019-8460)
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. OpenBSD kernel version <= 6.5 can be forced to create long chains of TCP SACK holes that causes very expensive...
Sprecher Automation SPRECON-E TCP SACK PANIC (CVE-2019-11477)
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182,...
Sprecher Automation SPRECON-E TCP SACK PANIC (CVE-2019-11479)
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kerne...
SA44193 - 2019-06: Out-of-Cycle Advisory: Multiple Linux Kernel and FreeBSD vulnerabilities
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On June 17 2019, Netflix announced a group of new security advisories related to Linux Kernel and FreeBSD. These issues may affect Pulse Secure products. For a list of supported softwa...
Security Bulletin: IBM Security Guardium is affected by a TCP SACK PANIC -Kernel vulnerability
Summary: IBM Security Guardium has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2019-11478. DESCRIPTION: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective...
Western Digital My Cloud Multiple Products < 2.31.193 Multiple Vulnerabilities
Multiple Western Digital My Cloud products are prone to multiple vulnerabilities.
Arista Networks CloudVision Portal Linux Kernel TCP Multiple DoS (SA0041)
The version of Arista Networks CloudVision Portal running on the remote device is affected by the following denial of service (DoS) vulnerabilities related to TCP networking in the Linux kernel, which can be exploited by a remote, unauthenticated attacker: - SACK Panic. The TCP_SKB_CB(skb)->tcp_gso_segs...
Huawei Data Communication: Integer Overflow Vulnerability in the Linux Kernel (SACK Panic) (huawei-sa-20191204-01-kernel)
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs).
Arista Networks EOS Linux Kernel TCP Multiple DoS (SA0041)
The version of Arista Networks EOS running on the remote device is affected by the following denial of service (DoS) vulnerabilities related to TCP networking in the Linux kernel, which can be exploited by a remote, unauthenticated attacker: - SACK Panic. The TCP_SKB_CB(skb)->tcp_gso_segs value is subject...
Security Advisory - Integer Overflow Vulnerability in the Linux Kernel (SACK Panic)
An integer overflow vulnerability was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. A remote attacker could use this to cause a denial of service. Vulnerability ID: HWPSIRT-2019-06130 This vulnerability has been assigned a Common...
RancherOS < 1.5.3 Multiple Vulnerabilities (SACK Panic)
The remote host is running a version of RancherOS prior to v1.5.3, hence is exposed to multiple vulnerabilities: - Linux Kernel is prone to a remote integer-overflow vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. (CVE-2019-11477) - RancherOS is vulnerable t...
SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2950-1) (SACK Panic)
The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exceptio...
F5 Networks BIG-IP : Linux SACK Panic vulnerability (K78234183)
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182,...
SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1948-1) (SACK Panic) (SACK Slowness)
This update for the Linux Kernel 4.4.121-92104 fixes several issues. The following security issues were fixed : CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow when handling TCP Selective Acknowledgments (SACKs). A remote attacker...
SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1924-1) (SACK Panic) (SACK Slowness)
This update for the Linux Kernel 3.12.74-6064104 fixes several issues. The following security issues were fixed : CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow when handling TCP Selective Acknowledgments (SACKs). A remote attacke...
Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (SACK Panic) (SACK Slowness)
Based on the RPM metadata this appears to be a security kernel. The RPM changelog shows fixes related to Security Fixes : - An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, t...
Information about TCP SACK Panic Findings in PAN-OS
Palo Alto Networks is aware of recent vulnerability disclosures known as TCP SACK Panic vulnerabilities. Ref: PAN-119745/ CVE-2019-11477, CVE-2019-11478, CVE-2019-11479...