CVE-2019-11477 - log back

CVE-2019-11477 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Denial of service
Description
+ An integer overflow has been discovered in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A sequence of SACKs may be crafted such that one can trigger a kernel panic. A remote attacker could use this to cause a denial of service (system crash).
References
+ https://www.openwall.com/lists/oss-security/2019/06/17/5
+ https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
+ https://access.redhat.com/security/vulnerabilities/tcpsack
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff
Notes
+ Workaround:
+
+ $ sudo sysctl -w net.ipv4.tcp_sack=0
+ net.ipv4.tcp_sack = 0
+
+ IMPORTANT: The sysctl modification shown above is not persistent across reboots