[Vulnerability Warning] Linux kernel TCP SACK mechanism remote denial of service vulnerability

2019-06-18 23:13:48
Dear user,


On June 18, 2019, the JD Cloud Security Team learned of publicly disclosed defects in the Linux kernel's TCP SACK mechanism that allow remote denial of service.


[Vulnerability Description]


An attacker can remotely send specially crafted packets that crash the target Linux or FreeBSD server or make its services unavailable.


[Vulnerability Rating]

CVE-2019-11477 High Risk

CVE-2019-11478 Moderate Risk

CVE-2019-11479 Moderate Risk

[Affected Versions]

FreeBSD 12 (using the RACK TCP stack)

CentOS 5 (official Red Hat support has ended; no patches will be provided)

CentOS 6

CentOS 7

Ubuntu 18.04 LTS

Ubuntu 16.04 LTS

Ubuntu 19.04

Ubuntu 18.10

[Fixed Kernel Version]

CentOS 6: 2.6.32-754.15.3

CentOS 7: 3.10.0-957.21.3

Ubuntu 18.04 LTS: 4.15.0-52.56

Ubuntu 16.04 LTS: 4.4.0-151.178


[Security Fix Recommendation]


Note: either of the following remediation methods may cause a service interruption.


I. Disable the SACK mechanism by executing one of the following commands:

echo 0 > /proc/sys/net/ipv4/tcp_sack

or

sysctl -w net.ipv4.tcp_sack=0


II. Upgrade the kernel to a patched version (a server reboot is required):

Ubuntu series: sudo apt-get update && sudo apt-get install linux-image-generic

CentOS series: yum update kernel

For other Linux distributions, please refer to: https://github.com/Netflix/security-bulletins/tree/master/advisories/third-party/2019-001


[Relevant Links]

https://access.redhat.com/security/vulnerabilities/tcpsack

Red Hat users can check whether a system is vulnerable with the detection script: https://access.redhat.com/sites/default/files/cve-2019-11477--2019-06-17-1629.sh
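As an added example that is not part of this advisory or of Red Hat's script, the shell functions below compare a `uname -r` string against the fixed kernel versions listed above and check whether mitigation I (SACK disabled) is in effect. The distro keys, the handling of `uname -r` suffixes, and the assumption that the host runs its distribution's GA kernel series are this example's own.

```shell
#!/bin/sh
# Added example (not from the advisory): compare a running kernel against the
# fixed versions listed above and confirm whether SACK has been turned off.

# Minimum fixed kernel per distro, copied from the advisory. Distro keys are
# this example's own naming. For Ubuntu the advisory gives the package version
# (e.g. 4.15.0-52.56) but `uname -r` exposes only the ABI number, so the
# comparison is made on the ABI part (4.15.0-52).
fixed_version_for() {
  case "$1" in
    centos6)    echo "2.6.32-754.15.3" ;;
    centos7)    echo "3.10.0-957.21.3" ;;
    ubuntu1804) echo "4.15.0-52" ;;   # advisory: 4.15.0-52.56
    ubuntu1604) echo "4.4.0-151" ;;   # advisory: 4.4.0-151.178
    *)          return 1 ;;           # distro not covered by this advisory
  esac
}

# Strip what `uname -r` appends beyond the version the advisory lists:
#   CentOS: 3.10.0-957.21.3.el7.x86_64 -> 3.10.0-957.21.3
#   Ubuntu: 4.15.0-52-generic          -> 4.15.0-52
normalize_kver() {
  v="${1%%.el*}"
  case "$v" in
    *-*-*) v="${v%-*}" ;;   # drop the Ubuntu flavour suffix (-generic, ...)
  esac
  printf '%s\n' "$v"
}

# 0 if kernel $2 is at or above the fixed version for distro $1, 1 if below,
# 2 if the distro is unknown. Assumes the GA kernel series: an HWE kernel from
# a newer series compares as "fixed" here and needs its own check.
kernel_is_fixed() {
  fixed="$(fixed_version_for "$1")" || return 2
  kver="$(normalize_kver "$2")"
  # sort -V orders versions numerically; the fixed version must sort first.
  [ "$(printf '%s\n%s\n' "$fixed" "$kver" | sort -V | head -n 1)" = "$fixed" ]
}

# 0 if mitigation I (tcp_sack = 0) is in effect; an alternate path may be given.
sack_disabled() {
  path="${1:-/proc/sys/net/ipv4/tcp_sack}"
  [ -r "$path" ] || return 2
  [ "$(cat "$path")" = "0" ]
}

# Stand-alone use on a host: DISTRO=centos7 sh check_sack.sh
if [ -n "${DISTRO:-}" ]; then
  if kernel_is_fixed "$DISTRO" "$(uname -r)"; then echo "kernel: fixed"; else echo "kernel: NOT fixed"; fi
  if sack_disabled; then echo "tcp_sack: disabled"; else echo "tcp_sack: enabled"; fi
fi
```

Note that `echo 0 > /proc/sys/net/ipv4/tcp_sack` does not survive a reboot, so a host that passes `sack_disabled` today should still be rechecked after the kernel upgrade and reboot in method II.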



JD Cloud Team

