Reference:
Advisory #2019-016
Version:
1.0
Affected software:
Linux kernels 2.6.29 and later
FreeBSD 12 using the RACK TCP Stack
Linux 4.15
Type:
Remote denial of service vulnerabilities
CVE/CVSS:
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
Netflix has identified several TCP networking vulnerabilities in the FreeBSD and Linux kernels. An attacker can remotely cause a denial of service on several vulnerable Linux distributions. One of the vulnerabilities, dubbed "SACK Panic", allows a remotely triggered kernel panic on recent Linux kernels.
The vulnerabilities are related to the handling of the TCP maximum segment size (MSS) and the TCP Selective Acknowledgement (SACK) capability.
At the time of writing, no vendor patches are yet available. Netflix has published unofficial patches that address most of these vulnerabilities, together with a series of mitigations, in its GitHub security-bulletins repository:
• https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
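The following triage script is an added example, not code from CERT.be or from the Netflix bulletin. It reports whether a Linux host still has SACK enabled and whether its kernel version falls in the range listed above as affected (2.6.29 and later), and it prints the two workaround families the Netflix bulletin describes: dropping inbound connections that advertise a very small MSS, and disabling SACK processing. The MSS threshold of 500 and the exact iptables/sysctl syntax are assumptions to verify against the bulletin before use.

```shell
#!/bin/sh
# Added triage helper for the SACK/MSS TCP denial-of-service advisory.
# Not part of the CERT.be advisory or the Netflix bulletin. The workaround
# commands, the MSS threshold (500) and the rule syntax are assumptions taken
# from my reading of the Netflix bulletin; verify them there before deploying.

# kver_ge A B -> exit 0 when dotted kernel version A is >= B.
# Distribution suffixes such as "-45-generic" are ignored.
kver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        gsub(/[^0-9.].*/, "", a); gsub(/[^0-9.].*/, "", b)
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# sack_state [FILE] -> prints enabled|disabled|unknown; exit 0 only if enabled.
# FILE defaults to the live sysctl node; pass a copy of it to test offline.
sack_state() {
    f="${1:-/proc/sys/net/ipv4/tcp_sack}"
    if [ ! -r "$f" ]; then echo unknown; return 2; fi
    case "$(cat "$f")" in
        1) echo enabled;  return 0 ;;
        0) echo disabled; return 1 ;;
        *) echo unknown;  return 2 ;;
    esac
}

# affected KVER SACKFILE -> exit 0 when the kernel is in the affected range
# and SACK is still on, i.e. the workarounds are worth evaluating.
affected() {
    kver_ge "$1" 2.6.29 && sack_state "$2" >/dev/null
}

# workarounds -> print the candidate mitigations as shell commands.
# Caveats: the MSS filter also drops legitimate peers that advertise a tiny
# MSS, and turning SACK off costs throughput on lossy paths.
workarounds() {
cat <<'EOF'
# 1. Drop inbound TCP segments advertising an MSS of 1..500 (assumed threshold)
iptables  -I INPUT -p tcp -m tcpmss --mss 1:500 -j DROP
ip6tables -I INPUT -p tcp -m tcpmss --mss 1:500 -j DROP
# 2. Or disable SACK processing for new connections (persist via /etc/sysctl.d)
sysctl -w net.ipv4.tcp_sack=0
EOF
}

main() {
    kv="$(uname -r)"
    printf 'kernel %s, SACK %s\n' "$kv" "$(sack_state)"
    if affected "$kv" /proc/sys/net/ipv4/tcp_sack; then
        echo "host is in the affected range with SACK enabled; candidate workarounds:"
        workarounds
    else
        echo "no workaround indicated or state unknown; confirm vendor patch status"
    fi
}

main "$@"
```

A version check alone does not prove a host is vulnerable: distribution kernels keep their version string after backporting a fix, so the script tells you which hosts to look at, not which ones are safe. Run `workarounds` output only after the risk analysis the advisory asks for.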
CERT.be recommends that system administrators monitor the GitHub repository for these vulnerabilities and perform a risk analysis and testing to determine whether the workarounds can be implemented.
CERT.be recommends that system administrators apply the vendor patches, after careful testing, as soon as the vendor makes them available.