LINUX.ORG.RU

Решето

 , , , ,


0

1

Executive Summary

Three related flaws were found in the Linux kernel’s handling of TCP networking. The most severe vulnerability could allow a remote attacker to trigger a kernel panic in systems running the affected software and, as a result, impact the system’s availability.

The issues have been assigned multiple CVEs: CVE-2019-11477 is considered an Important severity, whereas CVE-2019-11478 and CVE-2019-11479 are considered a Moderate severity.

The first two are related to the Selective Acknowledgement (SACK) packets combined with Maximum Segment Size (MSS), the third solely with the Maximum Segment Size (MSS).

These issues are corrected either through applying mitigations or kernel patches. Mitigation details and links to RHSA advsories can be found on the RESOLVE tab of this article.

Issue Details and Background

Three related flaws were found in the Linux kernel’s handling of TCP Selective Acknowledgement (SACK) packets handling with low MSS size. The extent of impact is understood to be limited to denial of service at this time. No privilege escalation or information leak is currently suspected.

While mitigations shown in this article are available, they might affect traffic from legitimate sources that require the lower MSS values to transmit correctly and system performance. Please evaluate the mitigation that is appropriate for the system’s environment before applying.

Подробности

Перемещено jollheef из kernel

anonymous

Забыл написать, что в багофиксе 5.1.11, который выпустили час назад, всё это закрыто.

// b.

anonymous
()

Жду новости на русском через неделю.

А эту можете грохнуть, ибо не на «великом» русском. Ура-поцреоты не обязаны знать английский, да :-)

// b.

anonymous
()

В The Register быстро среагировали:

https://www.theregister.co.uk/2019/06/17/linux_tcp_sack_kernel_crash/

«It is possible to crash network-facing Linux servers, PCs, smartphones and tablets, and gadgets, or slow down their network connections, by sending them a series of maliciously crafted packets. It is also possible to hamper FreeBSD machines with the same attack.»

// b.

anonymous
()
Вы не можете добавлять комментарии в эту тему. Тема перемещена в архив.