• Welcome to Web Hosting Community Forum for Webmasters - Web hosting Forum.
 

Recommended Providers

Fully Managed WordPress Hosting
lc_banner_leadgen_3
Fully Managed WordPress Hosting

WordPress Theme

Divi WordPress Theme
WPZOOM

Forum Membership

Forum Membership

TCP SACK PANIC - Kernel vulnerabilities - CVE-2019-11477, CVE-2019-11478

Started by Kailash, June 21, 2019, 02:06:02 PM

Kailash

TCP SACK PANIC - Kernel vulnerabilities - CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479

A vulnerability targeting the networking stack in linux servers running kernel 2.6.29 or newer has been discovered that allows for Networking denial-of-service of varying severity, leveraging TCP "Selective Acknowlegment" (SACK).

Because the vulnerability requires absolutely no authentication, it could be used to deny networking indefinitely to any linux server using an unpatched kernel released in the last 10 years.

You can read more about the exploit (and patches mitigating it), here: https://www.openwall.com/lists/oss-security/2019/06/17/5 and here https://access.redhat.com/security/vulnerabilities/tcpsack

Centos 5 hosts and older cannot be updated due to lack of support, so it requires disabling SACK on them. 

- Kailash