Some links about the TCP SACK PANIC attacks on Linux and FreeBSD Kernels
Posted by jpluimers on 2019/06/20
The TCP SACK vulnerabilities as found by Netflix: [WayBack] security-bulletins/2019-001.md at master · Netflix/security-bulletins · GitHub.
Easy, but slow workaround from [WayBack] linux – How to disable TCP SACK for CentOS? – Super User:
Temporary (until boot):
echo "0" > /proc/sys/net/ipv4/tcp_sack
Permanent (even after boot):
echo "net.ipv4.tcp_sack = 0" >> /etc/sysctl.conf
sysctl -p
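A check for whether the workaround above is in place both now and after a reboot. This is an added example, not part of the original post or the linked answer. The function names `persistent_tcp_sack` and `sack_status` are hypothetical. It assumes sysctl.conf conventions: `#` and `;` start comments, a leading `-` is allowed, and the last assignment of a key wins.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# sysctl applies a config file top to bottom, so the last assignment wins;
# repeated ">>" appends can leave older, conflicting lines in the file.

# persistent_tcp_sack FILE
# Prints the value FILE would leave in net.ipv4.tcp_sack, or "unset".
persistent_tcp_sack() {
    awk '
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        {
            line = $0
            sub(/^[ \t]*-?/, "", line)         # drop indent and optional "-" prefix
            eq = index(line, "=")
            if (eq == 0) next
            key = substr(line, 1, eq - 1)
            val = substr(line, eq + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            gsub(/\//, ".", key)               # net/ipv4/tcp_sack is the same key
            if (key == "net.ipv4.tcp_sack") { seen = 1; last = val }
        }
        END { print (seen ? last : "unset") }
    ' "$1"
}

# sack_status CONF [PROCFILE]
# Succeeds only when SACK is off in the running kernel and in CONF.
sack_status() {
    conf=$1
    procfile=${2:-/proc/sys/net/ipv4/tcp_sack}
    running=$(cat "$procfile" 2>/dev/null || echo unknown)
    persistent=$(persistent_tcp_sack "$conf")
    echo "running=$running persistent=$persistent"
    [ "$running" = "0" ] && [ "$persistent" = "0" ]
}

# Usage: sack_status /etc/sysctl.conf
```

The check reads one file only, so run it on each sysctl file your distribution loads at boot.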
Coverage:
- [WayBack] Sad SACK: Linux PCs, servers, gadgets may be crashed by ‘Ping of Death’ network packets • The Register
Don’t let miscreants play hacky-SACK with your gear. Apply these mitigations, patches now if you can
- [WayBack] TCP SACK PANIC: Linux- und FreeBSD-Kernel lassen sich aus der Ferne angreifen | heise online
- [WayBack] Security Vulnerability: TCP SACK Denial of Service attacks aka “SACK Panic” – CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479 | Support | SUSE
- [WayBack] SACK Panic – Multiple TCP-based remote denial-of-service issues | Hacker News
–jeroen