Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Four CVEs Describe SACKs of Linux and FreeBSD VulnerabilitiesFour CVEs Describe SACKs of Linux and FreeBSD Vulnerabilities
Four new CVEs present issues that have a potential DoS impact on almost every Linux user.
1 Min Read
Linux and FreeBSD users have a SACK of new vulnerabilities to worry about, as four new CVEs describe selective acknowledgement (SACK) and excess resource consumption vulnerabilities that can bring a system to a standstill from a denial of service attack.
Three of the CVEs — CVE-2019-11477, CVE-2019-11478, and CVE-2019-5599 — deal with a variety of different SACKs that can hit various Linux distributions and FreeBSD 12 using the RACK TCP Stack. In each case, a carefully crafted selective acknowledgement can trigger an issue that could lead to slowed performance, denial of service, or a kernel panic.
The fourth CVE, CVE-2019-11479, describes a vulnerability stemming from a hard-coded maximum segment size (MSS) that can result in a higher number of fragmented packets than normal. This issue for all Linux versions could be exploited to cause increased resource consumption in the CPU and network controller, with system slowdown or denial of service as the result.
Because of the nature of the Linux and FreeBSD communities, vendors and open-source projects are in various stages of releasing patches for these vulnerabilities. Users should contact their system provider to see whether a patch is already available for the distribution in use.
About the Author
You May Also Like
More Insights
Webinars
Shifting Left: DevSecOps in the Cloud
Feb 4, 2025Uncovering Threats to Your Mainframe & How to Keep Host Access Secure
Feb 13, 2025Securing the Remote Workforce
Feb 20, 2025Emerging Technologies and Their Impact on CISO Strategies
Feb 25, 2025How CISOs Navigate the Regulatory and Compliance Maze
Feb 26, 2025
