PT-2019-2418 · Linux+5 · Linux Kernel+5

Jonathan Looney

Publicado

2016-03-17

Atualizado

2024-12-20

CVE-2019-11479

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.4.182 Linux kernel versions prior to 4.9.182 Linux kernel versions prior to 4.14.127 Linux kernel versions prior to 4.19.52 Linux kernel versions prior to 5.1.11

Description The issue is caused by the Linux kernel's default Maximum Segment Size (MSS) being hard-coded to 48 bytes, allowing a remote peer to fragment TCP resend queues more significantly than if a larger MSS were enforced. This can be exploited by a remote attacker to cause a denial of service by sending a specially crafted sequence of TCP packets.

Recommendations For Linux kernel versions prior to 4.4.182, update to version 4.4.182 or later. For Linux kernel versions prior to 4.9.182, update to version 4.9.182 or later. For Linux kernel versions prior to 4.14.127, update to version 4.14.127 or later. For Linux kernel versions prior to 4.19.52, update to version 4.19.52 or later. For Linux kernel versions prior to 5.1.11, update to version 5.1.11 or later.

Exploit

Correção

DoS

Allocation of Resources Without Limits

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-770CWE-405CWE-400

Identificadores relacionados

ALT-PU-2016-1262

ALT-PU-2017-1299

ALT-PU-2018-1557

ALT-PU-2019-1139

ALT-PU-2019-1363

ALT-PU-2019-2116

ALT-PU-2019-2117

ALT-PU-2019-2120

ALT-PU-2019-2134

ALT-PU-2019-2136

ALT-PU-2019-2156

ALT-PU-2019-2157

ALT-PU-2019-2180

ALT-PU-2019-2311

ALT-PU-2019-3128

ALT-PU-2019-3138

ALT-PU-2020-1025

ALT-PU-2020-1028

ALT-PU-2020-1070

ALT-PU-2020-1138

ALT-PU-2020-1139

ALT-PU-2020-1140

ALT-PU-2020-1147

ALT-PU-2020-1148

ALT-PU-2021-1745

BDU:2019-02196

CESA-2019_1479

CESA-2019_1480

CESA-2019_1481

CESA-2019_1488

CVE-2019-11479

DLA-1823-1

DLA-1824-1

DSA-4465-1

MGASA-2019-0195

MGASA-2019-0196

MGASA-2019-0197

OPENSUSE-SU-2019:1571-1

OPENSUSE-SU-2019:1579-1

OPENSUSE-SU-2019_1570-1

OPENSUSE-SU-2019_1571-1

OPENSUSE-SU-2019_1579-1

OPENSUSE-SU-2024:10728-1

OPENSUSE-SU-2024:13704-1

RHSA-2019:1479

RHSA-2019:1480

RHSA-2019:1481

RHSA-2019:1482

RHSA-2019:1483

RHSA-2019:1484

RHSA-2019:1485

RHSA-2019:1486

RHSA-2019:1487

RHSA-2019:1488

RHSA-2019:1489

RHSA-2019:1490

RHSA-2019:1594

RHSA-2019:1602

RHSA-2019:1699

RHSA-2019_1479

RHSA-2019_1480

RHSA-2019_1481

RHSA-2019_1486

RHSA-2019_1488

SUSE-SU-2019:14089-1

SUSE-SU-2019:1527-1

SUSE-SU-2019:1529-1

SUSE-SU-2019:1530-1

SUSE-SU-2019:1532-1

SUSE-SU-2019:1533-1

SUSE-SU-2019:1534-1

SUSE-SU-2019:1535-1

SUSE-SU-2019:1536-1

SUSE-SU-2019:1550-1

SUSE-SU-2019:1692-1

SUSE-SU-2019:2430-1

SUSE-SU-2019:2756-1

SUSE-SU-2019_14089-1

USN-4041-1

USN-4041-2

Produtos afetados

Alt Linux

Centos

Linux Kernel

Red Hat

Suse

Ubuntu

PT-2019-2418 · Linux+5 · Linux Kernel+5

CVE-2019-11479

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 1291