Russian Vulnerability Scanner Database

Back to List

BDU:2019-02194

Scores

EPSS

0.000none0.0%
0%20%40%60%80%100%

Percentile: 0.0%

CVSS

7.5high3.x
0246810

CVSS Score: 7.5/10

All CVSS Scores

CVSS 3.x
7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0
7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Description

Уязвимость механизма TCP SACK (TCP Selective Acknowledgement, выборочное подтверждение TCP) ядра операционной системы Linux вызвана целочисленным переполнением. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании путем отправки специально сформированной последовательности SACK-пакетов

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

bdu

Related Vulnerabilities

CVE-2019-11477

Exploits

Exploit ID: CVE-2019-11477

Source: github-poc

URL: https://github.com/sasqwatch/cve-2019-11477-poc

Reference Links

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11477
http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en
http://www.openwall.com/lists/oss-security/2019/06/20/3
http://www.openwall.com/lists/oss-security/2019/06/28/2
http://www.openwall.com/lists/oss-security/2019/07/06/3
http://www.openwall.com/lists/oss-security/2019/07/06/4
http://www.openwall.com/lists/oss-security/2019/10/24/1
http://www.openwall.com/lists/oss-security/2019/10/29/3
http://www.vmware.com/security/advisories/VMSA-2019-0010.html
https://access.redhat.com/errata/RHSA-2019:1594
https://access.redhat.com/errata/RHSA-2019:1602
https://access.redhat.com/errata/RHSA-2019:1699
https://access.redhat.com/security/vulnerabilities/tcpsack
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477
https://cve.omprussia.ru/bb6323
https://exchange.xforce.ibmcloud.com/vulnerabilities/162662
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193
https://kc.mcafee.com/corporate/index?page=content&id=SB10287
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.127
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.52
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.182
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.182
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.11
https://launchpad.net/bugs/1831637
https://nvd.nist.gov/vuln/detail/CVE-2019-11477
https://patchwork.ozlabs.org/patch/1117155/
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006
https://security.netapp.com/advisory/ntap-20190625-0001/
https://support.f5.com/csp/article/K78234183
https://ubuntu.com/security/notices/USN-4017-1
https://ubuntu.com/security/notices/USN-4017-2
https://usn.ubuntu.com/usn/usn-4017-1
https://usn.ubuntu.com/usn/usn-4017-2
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic
https://www.cve.org/CVERecord?id=CVE-2019-11477
https://www.kb.cert.org/vuls/id/905115
https://www.opennet.ru/openforum/vsluhforumID3/117645.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.synology.com/security/advisory/Synology_SA_19_28
https://www.us-cert.gov/ics/advisories/icsa-19-253-03

Recommendations

Source: bdu

Использование рекомендаций:
Для Linux:
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.127
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.52
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.182
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.182
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.11

Альт Линукс:
https://cve.basealt.ru/

Для openSUSE:
https://www.suse.com/security/cve/CVE-2019-11477/

Для продуктов Oracle:
https://www.oracle.com/security-alerts/cpujan2020.html

Red Hat:
https://access.redhat.com/security/cve/CVE-2019-11479

Для Ubuntu:
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic

Для Siemens:
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf

Для Huawеi:
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en

Для VMware:
http://www.vmware.com/security/advisories/VMSA-2019-0010.html

Для Oracle:
https://www.oracle.com/security-alerts/cpuoct2020.html

Для ОС Аврора:
https://cve.omprussia.ru/bb6323

URL: https://bdu.fstec.ru/vul/2019-02194

Vulnerable Software (3657)

Type: Configuration

Vendor: broadcom inc.

Product: vmware aria automation

Operating System: red hat enterprise linux 6

Trait: 
{  "version_end_excluding": "8.0.0",  "version_start_including": "7.0"}

Source: bdu

Type: Configuration

Vendor: broadcom inc.

Product: vmware aria automation

Operating System: ubuntu 18.04 LTS

Trait: 
{  "version_end_excluding": "8.0.0",  "version_start_including": "7.0"}

Source: bdu

Type: Configuration

Vendor: broadcom inc.

Product: vmware aria automation

Operating System: altlinux 8

Trait: 
{  "version_end_excluding": "8.0.0",  "version_start_including": "7.0"}

Source: bdu

Type: Configuration

Vendor: broadcom inc.

Product: vmware aria automation

Operating System: opensuse leap 15.1

Trait: 
{  "version_end_excluding": "8.0.0",  "version_start_including": "7.0"}

Source: bdu

Type: Configuration

Vendor: broadcom inc.

Product: vmware aria automation

Operating System: red hat enterprise linux 6.5 Advanced Update Support

Trait: 
{  "version_end_excluding": "8.0.0",  "version_start_including": "7.0"}

Source: bdu

Type: Configuration

Vendor: broadcom inc.

Product: vmware aria automation

Operating System: red hat enterprise linux 7.3 Update Services for SAP Solutions

Trait: 
{  "version_end_excluding": "8.0.0",  "version_start_including": "7.0"}

Source: bdu

Type: Configuration

Vendor: broadcom inc.

Product: vmware aria automation

Operating System: ос аврора 3.2.3.10

Trait: 
{  "version_end_excluding": "8.0.0",  "version_start_including": "7.0"}

Source: bdu

Type: Configuration

Vendor: broadcom inc.

Product: vmware aria automation

Operating System: linux *

Trait: 
{  "version_end_excluding": "8.0.0",  "version_start_including": "7.0"}

Source: bdu

Type: Configuration

Vendor: broadcom inc.

Product: vmware aria automation

Operating System: red hat enterprise linux 7.3 Advanced Update Support

Trait: 
{  "version_end_excluding": "8.0.0",  "version_start_including": "7.0"}

Source: bdu

Type: Configuration

Vendor: broadcom inc.

Product: vmware aria automation

Operating System: red hat enterprise linux 7.3 Telco Extended Update Support

Trait: 
{  "version_end_excluding": "8.0.0",  "version_start_including": "7.0"}

Source: bdu

Type: Configuration

Vendor: broadcom inc.

Product: vmware aria automation

Operating System: red hat enterprise linux 7.4 Extended Update Support

Trait: 
{  "version_end_excluding": "8.0.0",  "version_start_including": "7.0"}

Source: bdu

Type: Configuration

Vendor: broadcom inc.

Product: vmware aria automation

Operating System: red hat enterprise linux 7.5 Extended Update Support

Trait: 
{  "version_end_excluding": "8.0.0",  "version_start_including": "7.0"}

Source: bdu

Type: Configuration

Vendor: broadcom inc.

Product: vmware aria automation

Operating System: ubuntu 16.04 LTS

Trait: 
{  "version_end_excluding": "8.0.0",  "version_start_including": "7.0"}

Source: bdu

Type: Configuration

Vendor: broadcom inc.

Product: vmware aria automation

Operating System: ubuntu 12.04 ESM

Trait: 
{  "version_end_excluding": "8.0.0",  "version_start_including": "7.0"}

Source: bdu

Type: Configuration

Vendor: broadcom inc.

Product: vmware aria automation

Operating System: red hat enterprise linux 8

Trait: 
{  "version_end_excluding": "8.0.0",  "version_start_including": "7.0"}

Source: bdu

Type: Configuration

Vendor: broadcom inc.

Product: vmware aria automation

Operating System: opensuse leap 15.0

Trait: 
{  "version_end_excluding": "8.0.0",  "version_start_including": "7.0"}

Source: bdu

Type: Configuration

Vendor: broadcom inc.

Product: vmware aria automation

Operating System: red hat enterprise linux 7.2 Advanced Update Support

Trait: 
{  "version_end_excluding": "8.0.0",  "version_start_including": "7.0"}

Source: bdu

Type: Configuration

Vendor: broadcom inc.

Product: vmware aria automation

Operating System: red hat enterprise linux 7.2 Telco Extended Update Support

Trait: 
{  "version_end_excluding": "8.0.0",  "version_start_including": "7.0"}

Source: bdu

Type: Configuration

Vendor: broadcom inc.

Product: vmware aria automation

Operating System: red hat enterprise linux 7

Trait: 
{  "version_end_excluding": "8.0.0",  "version_start_including": "7.0"}

Source: bdu

Type: Configuration

Vendor: broadcom inc.

Product: vmware aria automation

Operating System: altlinux 7.0

Trait: 
{  "version_end_excluding": "8.0.0",  "version_start_including": "7.0"}

Source: bdu