Verified Answers

If an answer to your question is correct, click on "Verify Answer" under the "More" button. The answer will now appear with a checkmark. Please be sure to always mark answers that resolve your issue as verified. Your fellow Community members will appreciate it! Learn more

  • State Not Answered
  • Replies replies
    2
  • Subscribers subscribers
    19
  • Views views
    282
  • Users 0 members are here
  • Locked Locked
Related
Options
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Protecting our SLES 11/12 servers against SACK Panic" / CVE-2019-11477

syed_17
Recently, one of the more severe Linux security issues of this year has been
published.
 
A remote attacker able to make TCP connections to a Linux machine can
crash this machine, regardless of the service running.
 
The codename is "SACK Panic" / CVE-2019-11477.
There are two more issues in the block, but these are less severe
(just causing higher memory, compute time or bandwith usage.)
 
- CVE-2019-11478: SACK Slowness or Excess Resource Usage
- CVE-2019-11479: Excess Resource Consumption Due to Low MSS Values

All SUSE Linux and openSUSE versions are affected. 
 
Since, we have Oes11sp1/2/3, Oes2015sp1, sles12sp3 servers in our environment. how can we ensure their immunity to this vulnerability for different versions of SLES. 
All wonderful ideas will be highly appreciated.
Parents Reply Children
  • 0 in reply to syed_17

    We are in that waiting game, of hoping effective patches come out before any exploits start poking around the net.

    My Thoughts: 

    That an exploit would be a Denial of Service issue, so how bad would it be for a given set of externally facing services to be down?  If a given service can readily be down the time of a reboot, then probably safe to wait until the patches are ready. If such a down time has direct consequence, then be seriously testing out the work around options and start implementing them.

    I can imagine extortion attempts of `pay money or we take you down`, but in those cases you have a bit of warning to get cracking about getting work arounds into production.

    We are early in the process and will have patching to do soon, but until their are attacks in the wild, we have some breathing room.

    more on the topic with a firewall speed bump at https://isc.sans.edu/diary/rss/25046

    ________________________

    Andy of KonecnyConsulting.ca in Toronto
    Please use the "Like" and/or "Verified Answers" as appropriate as that helps us all.

Resources

Support
Documentation
Learning Services
Partner Programs
Privacy
Compliance
Help
Company
Privacy Policy
Terms of Use
Accessibility
Anti-Slavery Statement
Support
Contact Us
Careers
Code of Business Conduct and Ethics
The opinions expressed above are the personal opinions of the authors, not of OpenText. By using this site, you accept the Terms of Use. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.), Hewlett Packard Enterprise Company, or Micro Focus. As of January 31, 2023, the Material is now offered by OpenText, a separately owned and operated company. Any reference to the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks is historical in nature and the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks are the property of their respective owners.