John Sponheimer

SACK Vulnerabilities

Discussion created by John Sponheimer on Jun 19, 2019
Latest reply on Jun 19, 2019 by DMFezzaReed

NOTE: I wrote this at 7:05 am Wednesday morning. So a few days later, there might be a change...more info...etc.

Just thought I would help out those who are looking for the number of QIDs related to the SACK TCP vulnerabilities.

I was setting up a dashboard widget, scan, etc... So I had to find all the QIDs.

4 CVEs related to this grouping

CVE-2019-11477 - SACK Panic
CVE-2019-11478 - SACK Slowness (affects Linux 4.15 and below)
CVE-2019-5599 - Another SACK Slowness (FreeBSD 12)
CVE-2019-11479 - Excess resource consumption

These below are all the ones I have found that are associated with all of the above four. (aka...if you look for all these QIDs, then you are covered for the above CVEs)

351595 Amazon Linux Security Advisory for kernel: ALAS-2019-1222
351600 Amazon Linux Security Advisory for kernel: ALAS2-2019-1222
176983 Debian Security Update for linux (DSA 4465-1) (Sad SACK)
158001 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2019-4684)
158002 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2019-4686)
237293 Red Hat Update for kernel (Sad SACK) (RHSA-2019:1479)
237296 Red Hat Update for kernel (Sad SACK) (RHSA-2019:1481)
237292 Red Hat Update for kernel (Sad SACK) (RHSA-2019:1482)
237298 Red Hat Update for kernel (Sad SACK) (RHSA-2019:1483)
237295 Red Hat Update for kernel (Sad SACK) (RHSA-2019:1488)
172481 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2019:1527-1) (Sad SACK)
172477 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2019:1530-1) (Sad SACK)
172480 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2019:1532-1) (Sad SACK)
172478 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2019:1536-1) (Sad SACK)
197497 Ubuntu Security Notification for Linux, Linux-aws, Linux-aws-hwe, Linux-azure, Linux-gcp, Linux-hwe, (USN-4017-1) (Sad SACK)
