CVE-2019-11479

Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt	Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/06/28/2	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/07/06/3	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/07/06/4	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/108818	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2019:1594	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1602	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1699	Third Party Advisory
https://access.redhat.com/security/vulnerabilities/tcpsack	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf	Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363	Mailing List Patch Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6	Mailing List Patch Vendor Advisory
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md	Patch Third Party Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193	Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10287	Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008	Third Party Advisory
https://security.netapp.com/advisory/ntap-20190625-0001/	Third Party Advisory
https://support.f5.com/csp/article/K35421172	Third Party Advisory
https://support.f5.com/csp/article/K35421172?utm_source=f5support&amp%3Butm_medium=RSS
https://usn.ubuntu.com/4041-1/	Third Party Advisory
https://usn.ubuntu.com/4041-2/	Third Party Advisory
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic	Mitigation Third Party Advisory
https://www.kb.cert.org/vuls/id/905115	Third Party Advisory US Government Resource
https://www.oracle.com/security-alerts/cpujan2020.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.synology.com/security/advisory/Synology_SA_19_28	Third Party Advisory
https://www.us-cert.gov/ics/advisories/icsa-19-253-03	Third Party Advisory US Government Resource
https://www.us-cert.gov/ics/advisories/icsma-20-170-06	Third Party Advisory US Government Resource
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt	Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/06/28/2	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/07/06/3	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/07/06/4	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/108818	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2019:1594	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1602	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1699	Third Party Advisory
https://access.redhat.com/security/vulnerabilities/tcpsack	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf	Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363	Mailing List Patch Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6	Mailing List Patch Vendor Advisory
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md	Patch Third Party Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193	Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10287	Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008	Third Party Advisory
https://security.netapp.com/advisory/ntap-20190625-0001/	Third Party Advisory
https://support.f5.com/csp/article/K35421172	Third Party Advisory
https://support.f5.com/csp/article/K35421172?utm_source=f5support&amp%3Butm_medium=RSS
https://usn.ubuntu.com/4041-1/	Third Party Advisory
https://usn.ubuntu.com/4041-2/	Third Party Advisory
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic	Mitigation Third Party Advisory
https://www.kb.cert.org/vuls/id/905115	Third Party Advisory US Government Resource
https://www.oracle.com/security-alerts/cpujan2020.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.synology.com/security/advisory/Synology_SA_19_28	Third Party Advisory
https://www.us-cert.gov/ics/advisories/icsa-19-253-03	Third Party Advisory US Government Resource
https://www.us-cert.gov/ics/advisories/icsma-20-170-06	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::

Configuration 3 (hide)

OR	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::

Configuration 4 (hide)

OR	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::

Configuration 5 (hide)

OR	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::

Configuration 6 (hide)

OR	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::

Configuration 7 (hide)

OR	cpe:2.3:a:f5:big-ip_webaccelerator::::::::
	cpe:2.3:a:f5:big-ip_webaccelerator::::::::
	cpe:2.3:a:f5:big-ip_webaccelerator::::::::
	cpe:2.3:a:f5:big-ip_webaccelerator::::::::
	cpe:2.3:a:f5:big-ip_webaccelerator::::::::
	cpe:2.3:a:f5:big-ip_webaccelerator::::::::

Configuration 8 (hide)

OR	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::

Configuration 9 (hide)

OR	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::

Configuration 10 (hide)

OR	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::

Configuration 11 (hide)

OR	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::

Configuration 12 (hide)

OR	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::

Configuration 13 (hide)

OR	cpe:2.3:a:f5:big-ip_edge_gateway::::::::
	cpe:2.3:a:f5:big-ip_edge_gateway::::::::
	cpe:2.3:a:f5:big-ip_edge_gateway::::::::
	cpe:2.3:a:f5:big-ip_edge_gateway::::::::
	cpe:2.3:a:f5:big-ip_edge_gateway::::::::
	cpe:2.3:a:f5:big-ip_edge_gateway::::::::

Configuration 14 (hide)

OR	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::

Configuration 15 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*

Configuration 16 (hide)

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 17 (hide)

OR	cpe:2.3:a:f5:big-iq_centralized_management::::::::
	cpe:2.3:a:f5:big-iq_centralized_management::::::::
	cpe:2.3:a:f5:enterprise_manager:3.1.1:::::::*
	cpe:2.3:a:f5:iworkflow:2.3.0:::::::*
	cpe:2.3:a:f5:traffix_signaling_delivery_controller::::::::

Configuration 18 (hide)

AND

cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

History

21 Nov 2024, 04:21

07 Nov 2023, 03:03

Type	Values Removed	Values Added
References	{'url': 'https://support.f5.com/csp/article/K35421172?utm_source=f5support&utm_medium=RSS', 'name': 'https://support.f5.com/csp/article/K35421172?utm_source=f5support&utm_medium=RSS', 'tags': ['Third Party Advisory'], 'refsource': 'CONFIRM'}	() https://support.f5.com/csp/article/K35421172?utm_source=f5support&amp%3Butm_medium=RSS -

16 Aug 2023, 14:17

Type	Values Removed	Values Added
CPE	cpe:2.3:a:f5:traffix_sdc::::::::	cpe:2.3:a:f5:traffix_signaling_delivery_controller::::::::
First Time		F5 traffix Signaling Delivery Controller

Information

Published : 2019-06-19 00:15

Updated : 2024-11-21 04:21

NVD link : CVE-2019-11479

Mitre link : CVE-2019-11479

CVE.ORG link : CVE-2019-11479

JSON object : View

Products Affected

big-ip_policy_enforcement_manager
big-ip_global_traffic_manager
big-iq_centralized_management
big-ip_access_policy_manager
big-ip_application_acceleration_manager
enterprise_manager
big-ip_advanced_firewall_manager
iworkflow
traffix_signaling_delivery_controller
big-ip_webaccelerator
big-ip_application_security_manager
big-ip_edge_gateway
big-ip_local_traffic_manager
big-ip_analytics
big-ip_domain_name_system
big-ip_fraud_protection_service
big-ip_link_controller

redhat

virtualization_host
enterprise_linux

canonical

ubuntu_linux

linux

linux_kernel

CWE

CWE-405

Asymmetric Resource Consumption (Amplification)

CWE-770

Allocation of Resources Without Limits or Throttling

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2019-11479

7.5^/10

5.0^/10

Attach tags to `CVE-2019-11479`