Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2019-11479

Published: 19/06/2019 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Linux

Vulnerability Summary

Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

f5 big-ip advanced firewall manager

f5 big-ip access policy manager

f5 big-ip application acceleration manager

f5 big-ip link controller

f5 big-ip policy enforcement manager

f5 big-ip webaccelerator

f5 big-ip application security manager

f5 big-ip local traffic manager

f5 big-ip fraud protection service

f5 big-ip global traffic manager

f5 big-ip analytics

f5 big-ip edge gateway

f5 big-ip domain name system

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

canonical ubuntu linux 19.04

canonical ubuntu linux 14.04

redhat enterprise linux 7.0

f5 enterprise manager 3.1.1

f5 traffix signaling delivery controller

f5 big-iq centralized management

f5 iworkflow 2.3.0

redhat virtualization_host 4.0

Vendor Advisories

Debian CVElist Bug Report Logs: linux-image-4.19.0-4-amd64: CVE-2019-11815
Debian Bug report logs - #928989 linux-image-4190-4-amd64: CVE-2019-11815 Package: src:linux; Maintainer for src:linux is Debian Kernel Team <debian-kernel@listsdebianorg>; Reported by: Jeff Cliff <jeffreycliff@gmailcom> Date: Tue, 14 May 2019 18:39:01 UTC Severity: important Tags: security Found in versions l ...
Debian Security Advisories: DSA-4465-1 linux -- security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2019-3846 , CVE-2019-10126 huangwen reported multiple buffer overflows in the Marvell wifi (mwifiex) driver, which a local user could use to cause denial of service or the execution of ar ...
Ubuntu Security Notice: linux-lts-xenial, linux-aws, linux-azure update
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon update
Several security issues were fixed in the Linux kernel ...
Amazon Linux AMI: ALAS-2019-1222
CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479 describe vulnerabilities in the Linux kernel that can be remotely exploited using a specially crafted TCP connection, crashing the targeted system The latest Amazon Linux AMIs as available in AWS EC2 already contain these kernels and are not vulnerable ...
Amazon Linux 2: ALAS2-2019-1222
CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479 describe vulnerabilities in the Linux kernel that can be remotely exploited using a specially crafted TCP connection, crashing the targeted system The latest Amazon Linux 2 AMIs as available in AWS EC2 already contain these kernels and are not vulnerable ...
Red Hat: Important: kernel security, bug fix, and enhancement update
Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 74 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Comm ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 73 Advanced Update Support, Red Hat Enterprise Linux 73 Telco Extended Update Support, and Red Hat Enterprise Linux 73 Update Services ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 66 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 72 Advanced Update Support, Red Hat Enterprise Linux 72 Telco Extended Update Support, and Red Hat Enterprise Linux 72 Update Services ...
Red Hat: Important: redhat-virtualization-host security and enhancement update
Synopsis Important: redhat-virtualization-host security and enhancement update Type/Severity Security Advisory: Important Topic An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a sec ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 65 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...
Red Hat: Important: kernel-rt security and bug fix update
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise MRG 2Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVS ...
Red Hat: Important: kernel-rt security update
Synopsis Important: kernel-rt security update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base sc ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
Red Hat: Important: kernel security update
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, w ...
Red Hat: Important: redhat-virtualization-host security update
Synopsis Important: redhat-virtualization-host security update Type/Severity Security Advisory: Important Topic An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this updated as having a security impact of ...
Red Hat: Important: kernel security update
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 75 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Red Hat: Important: kernel-rt security and bug fix update
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (C ...
Red Hat: CVE-2019-11479
Impact: Moderate Public Date: 2019-06-17 CWE: CWE-400 Bugzilla: 1719129: CVE-2019-11479 Kernel: tcp: ex ...
Arch Linux Issues:
An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP segments If the Maximum Segment Size (MSS) of a TCP connection was set to low values, such as 48 bytes, it can leave as little as 8 bytes for the user data, which significantly increases the Linux kernel's resource (CPU, Memory, and Ba ...
Citrix Security Bulletins: Citrix SD-WAN Security Update
Description of Problem Multiple denial of service vulnerabilities have been identified in the Citrix SD-WAN Appliance and Citrix SD-WAN Center Management Console These vulnerabilities could permit a remote attacker to cause a denial of service by causing a host crash or by causing reduced service capacity due to resource exhaustion The vulnerabil ...
Palo Alto Networks Security Advisory: PAN-SA-2019-0013 Information about TCP SACK Panic Findings in PAN-OS
PAN-SA-2019-0013 Information about TCP SACK Panic Findings in PAN-OS ...

ICS Advisories

Siemens Industrial Products (Update P)
Critical Infrastructure Sectors: Chemical, Critical Manufacturing, Energy, Food and Agriculture, Water and Wastewater Systems

Mailing Lists

Full Disclosure: Re: linux-distros membership application - Microsoft
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Re: linux-distros membership application - Microsoft <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Sasha Levin ...

Github Repositories

https://github.com/Ivan-778/docLinux

docLinux Изменение размера root lvm раздела Логирование вывода консоли Перенаправления OOM killer mount - примеры Демон подкачки ядра (kswapd) Заставить «OOM killer'а» игнорировать процесс Как просмотреть активные проце

https://github.com/hightemp/docLinux

Статьи о Linux

docLinux Изменение размера root lvm раздела Логирование вывода консоли Перенаправления OOM killer mount - примеры Демон подкачки ядра (kswapd) Заставить «OOM killer'а» игнорировать процесс Как просмотреть активные проце

https://github.com/misanthropos/FFFFM

Frankfurter Freifunk-Firmware Firmware-Branches Stable Die aktuelle Stabile Firmware Die Releases basieren auf den Git-Tags, die unter githubcom/freifunk-ffm/site-ffffm/releases zu finden sind Wenn du selbst eine Stable-Firmware bauen willst, musst du den entsprechenden Tag auschecken und mittels "/cish" bauen RC Eine Release Candidate-Firmware ist eine

https://github.com/DevOps-spb-org/Linux-docs

docLinux Изменение размера root lvm раздела Логирование вывода консоли Перенаправления OOM killer mount - примеры Демон подкачки ядра (kswapd) Заставить «OOM killer'а» игнорировать процесс Как просмотреть активные проце

Recent Articles

Sad SACK: Linux PCs, servers, gadgets may be crashed by 'Ping of Death' network packets
The Register • Shaun Nichols in San Francisco • 17 Jun 2019

Don't let miscreants play hacky-SACK with your gear. Apply these mitigations, patches now if you can

It is possible to crash vulnerable network-facing Linux servers, PCs, and gadgets, or slow down their network connections, by sending them a series of maliciously crafted packets. It is also possible to hamper vulnerable FreeBSD machines with the same attack. Given that Linux powers an incredible amount of stuff these days, all sorts of gear from network or internet-connected TVs, routers, thermostats, light switches, CCTV cameras, and robot vacuum cleaners, to servers, PCs, smart fridges, phone...

Read more...

References

CWE-770https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.mdhttps://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanichttps://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6https://access.redhat.com/security/vulnerabilities/tcpsackhttps://support.f5.com/csp/article/K35421172http://www.securityfocus.com/bid/108818https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193https://www.kb.cert.org/vuls/id/905115https://www.synology.com/security/advisory/Synology_SA_19_28https://security.netapp.com/advisory/ntap-20190625-0001/https://access.redhat.com/errata/RHSA-2019:1594https://access.redhat.com/errata/RHSA-2019:1602https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008https://kc.mcafee.com/corporate/index?page=content&id=SB10287http://www.openwall.com/lists/oss-security/2019/06/28/2https://usn.ubuntu.com/4041-2/http://www.openwall.com/lists/oss-security/2019/07/06/3http://www.openwall.com/lists/oss-security/2019/07/06/4https://access.redhat.com/errata/RHSA-2019:1699https://usn.ubuntu.com/4041-1/https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdfhttps://www.us-cert.gov/ics/advisories/icsa-19-253-03https://www.oracle.com/security-alerts/cpujan2020.htmlhttps://www.us-cert.gov/ics/advisories/icsma-20-170-06http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txthttps://www.oracle.com/security-alerts/cpuoct2020.htmlhttps://support.f5.com/csp/article/K35421172?utm_source=f5support&%3Butm_medium=RSShttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928989https://nvd.nist.govhttps://usn.ubuntu.com/4041-2/https://www.cisa.gov/uscert/ics/advisories/icsa-19-253-03https://www.kb.cert.org/vuls/id/905115
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook