7.5
CVE-2019-11479
- EPSS 14.29%
- Published 19.06.2019 00:15:12
- Last modified 21.11.2024 04:21:09
- Source security@ubuntu.com
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.
Data is provided by the National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.4 < 4.4.182
Linux ≫ Linux Kernel Version >= 4.9 < 4.9.182
Linux ≫ Linux Kernel Version >= 4.14 < 4.14.127
Linux ≫ Linux Kernel Version >= 4.19 < 4.19.52
Linux ≫ Linux Kernel Version >= 5.1 < 5.1.11
F5 ≫ Big-ip Advanced Firewall Manager Version >= 11.5.2 < 11.6.5.1
F5 ≫ Big-ip Advanced Firewall Manager Version >= 12.1.0 < 12.1.5.1
F5 ≫ Big-ip Advanced Firewall Manager Version >= 13.1.0 < 13.1.3.2
F5 ≫ Big-ip Advanced Firewall Manager Version >= 14.0.0 < 14.0.1.1
F5 ≫ Big-ip Advanced Firewall Manager Version >= 14.1.2 < 14.1.2.1
F5 ≫ Big-ip Advanced Firewall Manager Version >= 15.0.0 < 15.0.1.1
F5 ≫ Big-ip Access Policy Manager Version >= 11.5.2 < 11.6.5.1
F5 ≫ Big-ip Access Policy Manager Version >= 12.1.0 < 12.1.5.1
F5 ≫ Big-ip Access Policy Manager Version >= 13.1.0 < 13.1.3.2
F5 ≫ Big-ip Access Policy Manager Version >= 14.0.0 < 14.0.1.1
F5 ≫ Big-ip Access Policy Manager Version >= 14.1.2 < 14.1.2.1
F5 ≫ Big-ip Access Policy Manager Version >= 15.0.0 < 15.0.1.1
F5 ≫ Big-ip Application Acceleration Manager Version >= 11.5.2 < 11.6.5.1
F5 ≫ Big-ip Application Acceleration Manager Version >= 12.1.0 < 12.1.5.1
F5 ≫ Big-ip Application Acceleration Manager Version >= 13.1.0 < 13.1.3.2
F5 ≫ Big-ip Application Acceleration Manager Version >= 14.0.0 < 14.0.1.1
F5 ≫ Big-ip Application Acceleration Manager Version >= 14.1.2 < 14.1.2.1
F5 ≫ Big-ip Application Acceleration Manager Version >= 15.0.0 < 15.0.1.1
F5 ≫ Big-ip Link Controller Version >= 11.5.2 < 11.6.5.1
F5 ≫ Big-ip Link Controller Version >= 12.1.0 < 12.1.5.1
F5 ≫ Big-ip Link Controller Version >= 13.1.0 < 13.1.3.2
F5 ≫ Big-ip Link Controller Version >= 14.0.0 < 14.0.1.1
F5 ≫ Big-ip Link Controller Version >= 14.1.2 < 14.1.2.1
F5 ≫ Big-ip Link Controller Version >= 15.0.0 < 15.0.1.1
F5 ≫ Big-ip Policy Enforcement Manager Version >= 11.5.2 < 11.6.5.1
F5 ≫ Big-ip Policy Enforcement Manager Version >= 12.1.0 < 12.1.5.1
F5 ≫ Big-ip Policy Enforcement Manager Version >= 13.1.0 < 13.1.3.2
F5 ≫ Big-ip Policy Enforcement Manager Version >= 14.0.0 < 14.0.1.1
F5 ≫ Big-ip Policy Enforcement Manager Version >= 14.1.2 < 14.1.2.1
F5 ≫ Big-ip Policy Enforcement Manager Version >= 15.0.0 < 15.0.1.1
F5 ≫ Big-ip Webaccelerator Version >= 11.5.2 < 11.6.5.1
F5 ≫ Big-ip Webaccelerator Version >= 12.1.0 < 12.1.5.1
F5 ≫ Big-ip Webaccelerator Version >= 13.1.0 < 13.1.3.2
F5 ≫ Big-ip Webaccelerator Version >= 14.0.0 < 14.0.1.1
F5 ≫ Big-ip Webaccelerator Version >= 14.1.2 < 14.1.2.1
F5 ≫ Big-ip Webaccelerator Version >= 15.0.0 < 15.0.1.1
F5 ≫ Big-ip Application Security Manager Version >= 11.5.2 < 11.6.5.1
F5 ≫ Big-ip Application Security Manager Version >= 12.1.0 < 12.1.5.1
F5 ≫ Big-ip Application Security Manager Version >= 13.1.0 < 13.1.3.2
F5 ≫ Big-ip Application Security Manager Version >= 14.0.0 < 14.0.1.1
F5 ≫ Big-ip Application Security Manager Version >= 14.1.2 < 14.1.2.1
F5 ≫ Big-ip Application Security Manager Version >= 15.0.0 < 15.0.1.1
F5 ≫ Big-ip Local Traffic Manager Version >= 11.5.2 < 11.6.5.1
F5 ≫ Big-ip Local Traffic Manager Version >= 12.1.0 < 12.1.5.1
F5 ≫ Big-ip Local Traffic Manager Version >= 13.1.0 < 13.1.3.2
F5 ≫ Big-ip Local Traffic Manager Version >= 14.0.0 < 14.0.1.1
F5 ≫ Big-ip Local Traffic Manager Version >= 14.1.2 < 14.1.2.1
F5 ≫ Big-ip Local Traffic Manager Version >= 15.0.0 < 15.0.1.1
F5 ≫ Big-ip Fraud Protection Service Version >= 11.5.2 < 11.6.5.1
F5 ≫ Big-ip Fraud Protection Service Version >= 12.1.0 < 12.1.5.1
F5 ≫ Big-ip Fraud Protection Service Version >= 13.1.0 < 13.1.3.2
F5 ≫ Big-ip Fraud Protection Service Version >= 14.0.0 < 14.0.1.1
F5 ≫ Big-ip Fraud Protection Service Version >= 14.1.2 < 14.1.2.1
F5 ≫ Big-ip Fraud Protection Service Version >= 15.0.0 < 15.0.1.1
F5 ≫ Big-ip Global Traffic Manager Version >= 11.5.2 < 11.6.5.1
F5 ≫ Big-ip Global Traffic Manager Version >= 12.1.0 < 12.1.5.1
F5 ≫ Big-ip Global Traffic Manager Version >= 13.1.0 < 13.1.3.2
F5 ≫ Big-ip Global Traffic Manager Version >= 14.0.0 < 14.0.1.1
F5 ≫ Big-ip Global Traffic Manager Version >= 14.1.2 < 14.1.2.1
F5 ≫ Big-ip Global Traffic Manager Version >= 15.0.0 < 15.0.1.1
F5 ≫ Big-ip Analytics Version >= 11.5.2 < 11.6.5.1
F5 ≫ Big-ip Analytics Version >= 12.1.0 < 12.1.5.1
F5 ≫ Big-ip Analytics Version >= 13.1.0 < 13.1.3.2
F5 ≫ Big-ip Analytics Version >= 14.0.0 < 14.0.1.1
F5 ≫ Big-ip Analytics Version >= 14.1.2 < 14.1.2.1
F5 ≫ Big-ip Analytics Version >= 15.0.0 < 15.0.1.1
F5 ≫ Big-ip Edge Gateway Version >= 11.5.2 < 11.6.5.1
F5 ≫ Big-ip Edge Gateway Version >= 12.1.0 < 12.1.5.1
F5 ≫ Big-ip Edge Gateway Version >= 13.1.0 < 13.1.3.2
F5 ≫ Big-ip Edge Gateway Version >= 14.0.0 < 14.0.1.1
F5 ≫ Big-ip Edge Gateway Version >= 14.1.2 < 14.1.2.1
F5 ≫ Big-ip Edge Gateway Version >= 15.0.0 < 15.0.1.1
F5 ≫ Big-ip Domain Name System Version >= 11.5.2 < 11.6.5.1
F5 ≫ Big-ip Domain Name System Version >= 12.1.0 < 12.1.5.1
F5 ≫ Big-ip Domain Name System Version >= 13.1.0 < 13.1.3.2
F5 ≫ Big-ip Domain Name System Version >= 14.0.0 < 14.0.1.1
F5 ≫ Big-ip Domain Name System Version >= 14.1.2 < 14.1.2.1
F5 ≫ Big-ip Domain Name System Version >= 15.0.0 < 15.0.1.1
Canonical ≫ Ubuntu Linux Version 14.04 SwEdition esm
Canonical ≫ Ubuntu Linux Version 16.04 SwEdition lts
Canonical ≫ Ubuntu Linux Version 18.04 SwEdition lts
Canonical ≫ Ubuntu Linux Version 18.10
Canonical ≫ Ubuntu Linux Version 19.04
Redhat ≫ Enterprise Linux Version 7.0
F5 ≫ Big-iq Centralized Management Version >= 5.1.0 <= 5.4.0
F5 ≫ Big-iq Centralized Management Version >= 6.0.0 <= 6.1.0
F5 ≫ Enterprise Manager Version 3.1.1
F5 ≫ Traffix Signaling Delivery Controller Version >= 5.0.0 <= 5.1.0
Redhat ≫ Virtualization Host Version 4.0
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 14.29% | 0.942 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:N/I:N/A:P |
security@ubuntu.com | 5.3 | 3.9 | 1.4 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
CWE-405 Asymmetric Resource Consumption (Amplification)
The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary's influence is "asymmetric."
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.