ASA-2019-00368 – FreeBSD: Resource exhaustion in non-default RACK TCP stack


Allele Security Alert

ASA-2019-00368

Identifier(s)

ASA-2019-00368, CVE-2019-5599, FreeBSD-SA-19:08.rack

Title

Resource exhaustion in non-default RACK TCP stack

Vendor(s)

The FreeBSD Project

Product(s)

FreeBSD

Affected version(s)

FreeBSD 12.0 and later

Fixed version(s)

2019-06-19 16:25:39 UTC (stable/12, 12.0-STABLE)
2019-06-19 16:43:05 UTC (releng/12.0, 12.0-RELEASE-p6)

Proof of concept

Unknown

Description

While processing acknowledgements, the RACK code uses several linked lists to maintain state entries. An attacker can cause these lists to grow without bound, so that every packet processed triggers an expensive list traversal, leading to resource exhaustion and a denial of service.

An attacker able to send specially crafted TCP traffic to a victim system can degrade network performance and/or consume excessive CPU, because traversing the potentially very large RACK linked lists costs the victim far more than the relatively small bandwidth the attacker must spend.

Technical details

Unknown

Workaround

By default, RACK is neither compiled into nor loaded into the TCP stack. To determine whether you are using RACK, check the net.inet.tcp.functions_available sysctl. If it includes a line with “rack”, the RACK stack is loaded.

To disable RACK, unload the kernel module with:

# kldunload tcp_rack

Note: the force flag (-f) may be required with kldunload.
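The check-and-unload procedure above, written as an added example script (not part of the FreeBSD advisory or this alert). It assumes the sysctl lists one TCP stack per line with the literal word "rack" as one field on the RACK line; the table text used for offline checking is constructed sample output, not copied from a real system.

```shell
#!/bin/sh
# Added example: detect whether the RACK TCP stack is loaded by parsing
# net.inet.tcp.functions_available, and unload tcp_rack if it is, retrying
# with -f as the workaround notes may be required.
#
# Assumption: the sysctl prints one TCP stack per line and the RACK line
# contains a field equal to "rack" (the sample table below is constructed).

# rack_listed TEXT: exit 0 if any line of TEXT has a field equal to "rack".
rack_listed() {
    printf '%s\n' "$1" | awk '
        { for (i = 1; i <= NF; i++) if ($i == "rack") found = 1 }
        END { exit !found }'
}

# rack_status: query the live sysctl (FreeBSD only).
#   0 = RACK loaded, 1 = not loaded, 2 = sysctl unavailable on this host
rack_status() {
    out=$(sysctl -n net.inet.tcp.functions_available 2>/dev/null) || return 2
    rack_listed "$out"
}

# disable_rack: unload the module; fall back to the force flag if needed.
disable_rack() {
    kldunload tcp_rack 2>/dev/null || kldunload -f tcp_rack
}

# Constructed sample outputs (assumed table layout) for offline checking.
SAMPLE_WITH_RACK='Stack                           D Alias                            PCB count
freebsd                         * freebsd                          12
rack                              rack                             0'
SAMPLE_DEFAULT_ONLY='Stack                           D Alias                            PCB count
freebsd                         * freebsd                          12'

# Apply the workaround on the running host; harmless where sysctl is absent.
rack_status && rc=0 || rc=$?
case $rc in
    0) echo "RACK stack is loaded; unloading tcp_rack"; disable_rack ;;
    1) echo "RACK stack is not loaded; no action needed" ;;
    *) echo "net.inet.tcp.functions_available not available on this host" ;;
esac
```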

Credits

Jonathan Looney (Netflix Information Security) and Peter Lei (Netflix Information Security)

Reference(s)

Resource exhaustion in non-default RACK TCP stack
https://www.freebsd.org/security/advisories/FreeBSD-SA-19:08.rack.asc

rack.patch.asc
https://security.FreeBSD.org/patches/SA-19:08/rack.patch.asc

Revision r349197
https://svnweb.freebsd.org/base?view=revision&revision=r349197

Revision r349199
https://svnweb.freebsd.org/base?view=revision&revision=r349199

CVE-2019-5599
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5599

CVE-2019-5599
https://nvd.nist.gov/vuln/detail/CVE-2019-5599

If you find any error in this alert or would like a comprehensive analysis, let us know.

Last modified: June 20, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.