ASA-201906-13 - log

ASA-201906-13 created at 25 Sep 2019 19:32:14
Workaround
+ - CVE-2019-11477 and CVE-2019-11478
+
+ $ sudo sysctl -w net.ipv4.tcp_sack=0
+
+ The mitigation described below for CVE-2019-11479 is also sufficient
+ for CVE-2019-11477 and CVE-2019-11478 if disabling TCP SACK support is
+ not viable.
+
+ - CVE-2019-11479
+
+ $ sudo iptables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP
+
+ The net.ipv4.tcp_mtu_probing sysctl must be disabled (set to 0) when
+ using the iptables rules shown above.
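Review bot: The CVE-2019-11479 item says net.ipv4.tcp_mtu_probing must be set to 0 but, unlike the other two steps, gives no command for it. Suggest adding "$ sudo sysctl -w net.ipv4.tcp_mtu_probing=0" next to the iptables line. The iptables rule only filters IPv4 traffic, so the text should state whether an equivalent ip6tables rule is needed on hosts that accept TCP over IPv6. Both "sysctl -w" and "iptables -A" change runtime state only, so it is also worth saying that the settings have to be persisted to survive a reboot.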
Impact
+ A remote attacker is able to crash the system by sending specially crafted TCP packets.