[SingCERT] Alert on Multiple Linux Vulnerabilities

Published on 19 Jun 2019

Updated on 27 Nov 2019

Background

Multiple vulnerabilities were found in Linux-based operating systems. The way the Linux kernel handles Transmission Control Protocol (TCP) networking can be exploited remotely by attackers to trigger a Denial of Service (DoS) condition in vulnerable systems.

The vulnerabilities and affected Linux kernel versions are as follows:

• CVE-2019-11477 - This vulnerability could result in Selective ACKnowledgement (SACK) panic. Successful exploitation could cause a kernel panic when the system handles a malicious sequence of SACK in Linux kernel versions 2.6.29 and later.

• CVE-2019-11478 - This vulnerability could result in excess resource usage or SACK slowness. Successful exploitation could cause excessive resource consumption in all Linux kernel versions and could be further exploited to cause SACK slowness on Linux kernels prior to version 4.15.

• CVE-2019-11479 - This vulnerability could result in excess resource consumption due to low Maximum Segment Size value. Successful exploitation could cause the system to utilise additional bandwidth and resources in all Linux kernel versions.

Impact

Successful exploitation of any of these vulnerabilities could lead to a DoS.

Recommendations

Users and system administrators are advised to download and install the security updates immediately.

To update the Linux kernel:
1. Check your current kernel version. At the terminal window, type: uname -sr
2. Update the repositories. At the terminal, type: sudo apt-get update
3. Run the upgrade. While still in the terminal, type: sudo apt-get dist-upgrade
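
The following is an added example, not part of the original advisory: a shell helper that takes the output of step 1 and reports which of the affected version ranges listed above cover that kernel. The function names (kver, ver_ge, sack_exposure) and the "sack-slowness" label are assumptions made for this example.

```shell
#!/bin/sh
# Added example: map a kernel release string to the affected version
# ranges stated in this advisory. Function names are illustrative.

# Keep only the leading dotted number of a release string,
# e.g. "4.15.0-51-generic" -> "4.15.0". Prints nothing if there is none.
kver() {
    printf '%s\n' "$1" | sed -n 's/^\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p'
}

# Return 0 if dotted version $1 >= $2 (missing fields count as 0).
ver_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# Print the CVEs whose stated range covers release $1 (accepts the output
# of either `uname -r` or `uname -sr`). This is range membership only:
# distributions backport fixes without changing the base version, so a
# hit means "confirm the security update is installed", not "unpatched".
sack_exposure() {
    rel=${1#Linux }
    v=$(kver "$rel")
    [ -n "$v" ] || { echo "unparsed"; return 1; }
    out="CVE-2019-11478 CVE-2019-11479"              # all kernel versions
    ver_ge "$v" 2.6.29 && out="CVE-2019-11477 $out"  # 2.6.29 and later
    ver_ge "$v" 4.15 || out="$out sack-slowness"     # CVE-2019-11478 slowness, prior to 4.15
    echo "$out"
}

# Report for the running kernel when executed on Linux.
if [ "$(uname -s)" = Linux ]; then
    sack_exposure "$(uname -sr)" || true
fi
```

Run it before step 2 and again after rebooting into the upgraded kernel; because the ranges alone cannot show whether a fix was backported, compare the new release string with your distribution's security notice.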
