Anthony_E
Community Manager
Article Id 357187
Description: This article discusses JAZZ-207: Linux Kernel TCP SACK Panic.
Scope: FortiDLP.
Solution

Release Date:

18 June, 2019

Overview:

Three related vulnerabilities were found in the Linux kernel's handling of a TCP networking mechanism known as Selective Acknowledgement (SACK), specifically when a parameter known as the Maximum Segment Size (MSS) is set to an unusually low value.

Affected Products:

The following products or components have been identified as affected by this vulnerability:

  • Jazz Infrastructure: versions up to and including 5.0.1.
  • Jazz Cloud: before 19 June 2019.

Unaffected Products:

The following products or components are unaffected:

  • Jazz Infrastructure: since version 5.0.2.
  • Jazz Agent: all versions.
  • Jazz Cloud: since 19 June 2019.

Resolution:

This issue has been fixed in Jazz Infrastructure version 5.0.2.

It is strongly recommended that all On-Premise installations running an affected version upgrade to the latest release as soon as possible. Releases are available to download through the Jazz Networks support portal.

A mitigation was deployed to the Jazz Cloud on 19 June 2019. Jazz Cloud customers do not need to take any additional action.

Vulnerability Information:

Three related flaws (CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479) were found in the Linux kernel's handling of TCP Selective Acknowledgement (SACK) packets combined with a low Maximum Segment Size (MSS). The first two involve SACK packets combined with a low MSS; the third involves the low MSS alone.

The extent of impact is understood to be limited to denial of service at this time. A remote attacker could trigger a kernel panic on the node, impacting the availability of Jazz Infrastructure. No privilege escalation or information leak is currently suspected.
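As an added example (not part of the original advisory or of the Jazz products), the following POSIX shell check reports whether a Linux host carries the upstream fix or the SACK-off workaround for these three CVEs. It assumes the upstream facts that the CVE-2019-11479 fix introduced the net.ipv4.tcp_min_snd_mss sysctl and that disabling net.ipv4.tcp_sack mitigates only the first two CVEs; PROC_ROOT is an assumed variable used to point the check at a copied /proc tree.

```shell
#!/bin/sh
# Added example: report the SACK Panic mitigation state of a Linux host
# from its sysctl files. PROC_ROOT (assumption) lets the check run against
# a copied /proc tree; leave it empty to inspect the live host.
PROC_ROOT="${PROC_ROOT:-}"

read_sysctl() {
    # Print the value of a net.ipv4 sysctl, or "missing" if the kernel lacks it.
    f="$PROC_ROOT/proc/sys/net/ipv4/$1"
    if [ -r "$f" ]; then cat "$f"; else echo missing; fi
}

sack_panic_status() {
    # Returns 0 when the host is patched or mitigated, 1 when it is exposed.
    # net.ipv4.tcp_min_snd_mss was introduced by the CVE-2019-11479 fix, so
    # its presence indicates a kernel carrying the SACK Panic patches.
    min_mss=$(read_sysctl tcp_min_snd_mss)
    sack=$(read_sysctl tcp_sack)
    if [ "$min_mss" != missing ]; then
        echo "patched: tcp_min_snd_mss=$min_mss (kernel carries the fix)"
        return 0
    fi
    if [ "$sack" = 0 ]; then
        # SACK disabled covers CVE-2019-11477/11478 only; the low-MSS flaw
        # CVE-2019-11479 still needs a kernel update.
        echo "mitigated: SACK disabled; CVE-2019-11479 still requires a kernel update"
        return 0
    fi
    echo "exposed: unpatched kernel with SACK enabled; upgrade the kernel"
    return 1
}

# Usage: sh sack_check.sh --check
if [ "${1:-}" = "--check" ]; then
    sack_panic_status
fi
```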

There are no known exploits in the wild in this instance and an official fix is available.

Acknowledgements:

Originally reported by:

Jonathan Looney (Netflix Information Security)

Disclosure Timeline:

  • 18/06/2019 Issue reported upstream.
  • 18/06/2019 Root cause established.
  • 18/06/2019 Mitigation identified upstream.
  • 18/06/2019 Mitigation identified for Jazz components.
  • 18/06/2019 Vulnerability disclosed.
  • 18/06/2019 Patched Jazz Infrastructure released.
  • 19/06/2019 Mitigation applied for Jazz Cloud.