gsd-2019-11478
Vulnerability from gsd
Modified
2023-12-13 01:24
Details
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2019-11478", "description": "Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.", "id": "GSD-2019-11478", "references": [ "https://www.suse.com/security/cve/CVE-2019-11478.html", "https://www.debian.org/security/2019/dsa-4465", "https://access.redhat.com/errata/RHSA-2019:1699", "https://access.redhat.com/errata/RHSA-2019:1602", "https://access.redhat.com/errata/RHSA-2019:1594", "https://access.redhat.com/errata/RHSA-2019:1490", "https://access.redhat.com/errata/RHSA-2019:1489", "https://access.redhat.com/errata/RHSA-2019:1488", "https://access.redhat.com/errata/RHSA-2019:1487", "https://access.redhat.com/errata/RHSA-2019:1486", "https://access.redhat.com/errata/RHSA-2019:1485", "https://access.redhat.com/errata/RHSA-2019:1484", "https://access.redhat.com/errata/RHSA-2019:1483", "https://access.redhat.com/errata/RHSA-2019:1482", "https://access.redhat.com/errata/RHSA-2019:1481", "https://access.redhat.com/errata/RHSA-2019:1480", "https://access.redhat.com/errata/RHSA-2019:1479", "https://ubuntu.com/security/CVE-2019-11478", "https://advisories.mageia.org/CVE-2019-11478.html", "https://security.archlinux.org/CVE-2019-11478", "https://alas.aws.amazon.com/cve/html/CVE-2019-11478.html", "https://linux.oracle.com/cve/CVE-2019-11478.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2019-11478" ], "details": "Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.", "id": "GSD-2019-11478", "modified": "2023-12-13T01:24:02.511053Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security@ubuntu.com", "DATE_PUBLIC": "2019-06-17T00:00:00.000Z", "ID": "CVE-2019-11478", "STATE": "PUBLIC", "TITLE": "SACK can cause extensive memory use via fragmented resend queue" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Linux kernel", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "4.4", "version_value": "4.4.182" }, { "version_affected": "\u003c", "version_name": "4.9", "version_value": "4.9.182" }, { "version_affected": "\u003c", "version_name": "4.14", "version_value": "4.14.127" }, { "version_affected": "\u003c", "version_name": "4.19", "version_value": "4.19.52" }, { "version_affected": "\u003c", "version_name": "5.1", "version_value": "5.1.11" } ] } } ] }, "vendor_name": "Linux" } ] } }, "credit": [ { "lang": "eng", "value": "Jonathan Looney from Netflix" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e." } ] }, "generator": { "engine": "Vulnogram 0.0.7" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-770 Allocation of Resources Without Limits or Throttling" } ] } ] }, "references": { "reference_data": [ { "name": "VU#905115", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/905115" }, { "name": "RHSA-2019:1594", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1594" }, { "name": "RHSA-2019:1602", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1602" }, { "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4" }, { "name": "RHSA-2019:1699", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1699" }, { "name": "20190722 [SECURITY] [DSA 4484-1] linux security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jul/30" }, { "name": "[oss-security] 20191023 Membership application for linux-distros - VMware", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1" }, { "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3" }, { "name": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", "refsource": "MISC", "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" }, { "name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", "refsource": "MISC", "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" }, { "name": "https://access.redhat.com/security/vulnerabilities/tcpsack", "refsource": "MISC", "url": "https://access.redhat.com/security/vulnerabilities/tcpsack" }, { "name": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html" }, { "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", "refsource": "CONFIRM", "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" }, { "name": "https://www.synology.com/security/advisory/Synology_SA_19_28", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_28" }, { "name": "https://security.netapp.com/advisory/ntap-20190625-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190625-0001/" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" }, { "name": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03" }, { "name": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html" }, { "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt", "refsource": "CONFIRM", "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e" }, { "name": "https://support.f5.com/csp/article/K26618426", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K26618426" }, { "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007", "refsource": "CONFIRM", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007" }, { "name": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html" } ] }, "source": { "advisory": "https://usn.ubuntu.com/4017-1", "defect": [ "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831638" ], "discovery": "UNKNOWN" } }, "nvd.nist.gov": { "cve": { "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "17F8005D-23A1-4666-B194-18D895721E7A", "versionEndExcluding": "4.4.182", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "966342A3-015F-4BCC-A513-335362A79A26", "versionEndExcluding": "4.9.182", "versionStartIncluding": "4.5", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A632572-BC71-422E-B953-346709BA1658", "versionEndExcluding": "4.14.127", "versionStartIncluding": "4.10", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C91C6131-9445-46E6-960B-76E8A34DC7E4", "versionEndExcluding": "4.19.52", "versionStartIncluding": "4.15", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0E372D7-8DD5-45E7-9C26-CF389B1A09A5", "versionEndExcluding": "5.1.11", "versionStartIncluding": "4.20", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "33AF102E-2851-45B5-8C71-B393F34D4591", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E4EA2A9-C197-40D4-A6AE-A64D69536F99", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A3215E6-7223-4AF1-BFD3-BD8AE9B6B572", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "720A06E3-441B-4D51-8FC0-D569DD7FEB10", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6FF1C75A-F753-40CB-9E26-DA6D31931DDC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "A057B236-8B7C-430D-B107-8FF96D132E73", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D7877E8-E50F-4DC6-867D-C19A8DB533E3", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "899BE6FE-B23F-4236-8A5E-B41AFF28E533", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "BEBAD7C4-AC37-463F-B63C-6EAD5542F2A0", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C046FBE7-DCCD-40FE-AC1F-4DAD11D2E0AC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "66FC8C37-629D-4FBA-9C79-615BDDCF7837", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "66FCB095-3E70-472A-AB9D-60F001F3A539", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA39C4F5-4D97-4B0B-8DA9-780F7ACF0A74", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D2833083-97E9-4B3C-8E6B-BCAC1851D148", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8C7C45A-CC14-4092-903C-3001986D2859", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "42EBAE78-C03E-42C9-AC2D-D654A8DF8516", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "75D817B1-EC06-4180-B272-067299818B09", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E3A4646-9AAA-445E-A08F-226D41485DC2", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "09C950E6-BF12-43D4-9125-AD9D90EDD67A", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1A99DC2F-BFC7-4FEA-87DF-5E9DF428F2D3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "255D11E3-F502-45CD-8958-5989F179574E", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "E72B035F-97C1-41C6-B424-F3929B9D7A99", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "E058E775-EAAA-46DF-9F3D-A8D042AAFD88", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "9AD3B4BB-7F5C-4565-9345-2D4895630AAD", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B872A0D5-9B23-40F2-8AAB-253A4F406D18", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "10A57948-C53A-4CD0-801B-7E801D08E112", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "F367EED9-1F71-4720-BE53-3074FF6049C9", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "20BF15AA-1183-489E-A24A-FFB5BFD84664", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "83B684D2-5889-41EA-B54A-8E7AF43DA647", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "45D0AF1B-9106-4C38-B1A2-87FC189ADBAB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E4A258E-4F20-4C3C-8269-CD7554539EC6", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A5E9908-C959-48FD-8FAC-C0FE329E6FD8", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "442A56A6-935D-427A-8562-144DD770E317", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "6434ED4F-0BA2-445A-B6E9-D3E301EE3930", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C2A9F32-FF72-44AA-AA1A-5B09E8E57E24", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "1DA668DC-EFB6-44C3-8521-47BB9F474DD1", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "C23EFF81-0FF4-4B4A-BAC3-85EC62230099", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "24AB3C9F-77E5-4D87-A9C1-366B087E7F68", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D17CC587-3325-4D95-BE63-B948C63B411D", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6FB6D7D8-2688-48A2-8E3E-341881EF0B4C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "24904D5C-58FF-49B0-B598-F798BAD110E6", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE11CCA1-58BF-462E-A0DE-49F3BC1C5499", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "639FCD86-C487-40DD-9840-8931FAF5DF3A", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "1117B40B-36E7-4205-82B0-52B4862A6D03", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "12F0D363-0DE8-4E32-9187-D7ACA0868BD8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB112ABE-C07E-480F-8042-6321E602183D", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A751827-1169-408E-BCE6-A129BDDB489D", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "428C4BEA-AFDA-45EC-9D5F-DDF409461C33", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "717C0443-3E88-4814-8D4A-F0C067176228", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C3879431-2E02-4B6C-BB4F-C2FF631A0974", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "7865E258-CDA0-43A5-9945-81E07BF11A82", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "CAECED76-81A2-4A0C-8C2E-24C235BB32DE", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "BDC38EF1-6210-40A1-88FC-964C470E41BA", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "713EB3E7-A657-4F6A-901D-618AF660CBBC", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "EACA0835-51AD-4AC0-8C87-5564F3A821CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "B572C267-AF06-4270-8FDC-18EBDDED7879", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "88B12CA1-E853-4898-8A06-F991BE19A27A", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C98DCCF-2D89-4C05-A0AE-60CF8228B860", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "B439DE9D-6A09-4487-82A4-E75A57717CAB", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA4F1CFB-0FD9-4AEB-BF25-093115F9D891", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "19428E8B-18C2-413A-A3C0-AC6AB9F952F2", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "6166E0DB-2BA5-454D-ABBC-9E4916436A44", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "F42F4AF6-4BCC-497E-A889-0BBCA965CB32", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEC2164D-11D0-4DCD-B814-6AB185C3BADF", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AA4AE425-1D86-4DB9-8B8F-74C6678BD528", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:enterprise_linux_atomic_host:-:*:*:*:*:*:*:*", "matchCriteriaId": "AF483911-003B-470B-A12B-85EF34A50469", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_aus:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "79191794-6151-46E9-AAFD-3EC0C05B03B1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_aus:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "893A7EE9-495D-405A-B809-39DC80778B2A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ivanti:connect_secure:-:*:*:*:*:*:*:*", "matchCriteriaId": "97D046F5-FF1A-41A7-8EDE-2C93E335906E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1C8792C-1CF0-450B-A8BD-2B5274156053", "vulnerable": true }, { "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_virtual_application_delivery_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "B3CCBFDE-C2FA-40E3-AA44-0EB0A6861BD4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700", "versionEndIncluding": "5.1.0", "versionStartIncluding": "5.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e." }, { "lang": "es", "value": "Jonathan Looney descubri\u00f3 que la implementaci\u00f3n de la cola de retransmisi\u00f3n de TCP en tcp_fragment en el kernel de Linux podr\u00eda estar fragmentada cuando se manejan ciertas secuencias de Reconocimiento Selectivo (SACK) de TCP. Un atacante remoto podr\u00eda usar esto para causar una denegaci\u00f3n de servicio. Esto se ha corregido en versiones de kernel estables 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, y se corrige en el commit f070ef2ac66716357066b683fb0baf55f8191a2e." } ], "id": "CVE-2019-11478", "lastModified": "2024-02-27T21:04:17.560", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@ubuntu.com", "type": "Secondary" } ] }, "published": "2019-06-19T00:15:12.687", "references": [ { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html" }, { "source": "security@ubuntu.com", "url": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html" }, { "source": "security@ubuntu.com", "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html" }, { "source": "security@ubuntu.com", "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt" }, { "source": "security@ubuntu.com", "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2" }, { "source": "security@ubuntu.com", "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3" }, { "source": "security@ubuntu.com", "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4" }, { "source": "security@ubuntu.com", "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1" }, { "source": "security@ubuntu.com", "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3" }, { "source": "security@ubuntu.com", "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html" }, { "source": "security@ubuntu.com", "url": "https://access.redhat.com/errata/RHSA-2019:1594" }, { "source": "security@ubuntu.com", "url": "https://access.redhat.com/errata/RHSA-2019:1602" }, { "source": "security@ubuntu.com", "url": "https://access.redhat.com/errata/RHSA-2019:1699" }, { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/vulnerabilities/tcpsack" }, { "source": "security@ubuntu.com", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" }, { "source": "security@ubuntu.com", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e" }, { "source": "security@ubuntu.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" }, { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory" ], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" }, { "source": "security@ubuntu.com", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287" }, { "source": "security@ubuntu.com", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007" }, { "source": "security@ubuntu.com", "url": "https://seclists.org/bugtraq/2019/Jul/30" }, { "source": "security@ubuntu.com", "url": "https://security.netapp.com/advisory/ntap-20190625-0001/" }, { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory" ], "url": "https://support.f5.com/csp/article/K26618426" }, { "source": "security@ubuntu.com", "tags": [ "Mitigation", "Third Party Advisory" ], "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" }, { "source": "security@ubuntu.com", "url": "https://www.kb.cert.org/vuls/id/905115" }, { "source": "security@ubuntu.com", "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "source": "security@ubuntu.com", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "source": "security@ubuntu.com", "url": "https://www.synology.com/security/advisory/Synology_SA_19_28" }, { "source": "security@ubuntu.com", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03" } ], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "security@ubuntu.com", "type": "Secondary" } ] } } } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.