
[Sophos Advisory]: TCP SACK PANIC kernel vulnerability.

Hi everyone,

Three related flaws were found in the Linux kernel’s handling of TCP Selective Acknowledgement (SACK) packets with low MSS size. These have been assigned the following CVEs: CVE-2019-11477 is considered Important severity, while CVE-2019-11478 and CVE-2019-11479 are considered Moderate severity.

The following article outlines the details of the TCP SACK PANIC and how it impacts Sophos products.



  • [Update]: 27/06/2019 

    The TCP SACK PANIC kernel vulnerability fix release plan has been updated. Kindly check this link:

  • I posted a comment back to the advisory, but figured I would add it here to the community page as well.

    I had a client this morning, whose machines would not grab an IPv4 address after I implemented the fix for the XG firewall last night.

    The firewall is the DHCP server. It was showing leases assigned, but the computers were showing 'not connected'. I tried the typical netsh winsock and ip resets, but it was not until I reverted the change that the computers started working again. Strangely, even the Open-Mesh switch didn't show the PC as connected (at layer 2) until reverting the change.
