Allele Security Alert
ASA-2019-00406
Identifier(s)
ASA-2019-00406, VMSA-2019-0010
Title
Selective Acknowledgement (SACK) Panic
Vendor(s)
VMware Inc
Product(s)
AppDefense
Container Service Extension
Enterprise PKS
Horizon DaaS
Hybrid Cloud Extension
Identity Manager
Integrated OpenStack
NSX for vSphere
NSX-T Data Center
Pulse Console
SD-WAN Edge by VeloCloud
SD-WAN Gateway by VeloCloud
SD-WAN Orchestrator by VeloCloud
Skyline Collector
Unified Access Gateway
vCenter Server Appliance
vCloud Availability Appliance
vCloud Director For Service Providers
vCloud Usage Meter
vRealize Automation
vRealize Business for Cloud
vRealize Code Stream
vRealize Log Insight
vRealize Network Insight
vRealize Operations Manager
vRealize Orchestrator Appliance
vRealize Suite Lifecycle Manager
vSphere Data Protection
vSphere Integrated Containers
vSphere Replication
Affected version(s)
AppDefense versions 2.x.x before 2.2.1
Container Service Extension versions unknown
Enterprise PKS versions unknown
Horizon DaaS versions unknown
Hybrid Cloud Extension versions unknown
Identity Manager versions unknown
Integrated OpenStack versions unknown
NSX for vSphere versions unknown
NSX-T Data Center versions unknown
Pulse Console versions unknown
SD-WAN Edge by VeloCloud versions unknown
SD-WAN Gateway by VeloCloud versions unknown
SD-WAN Orchestrator by VeloCloud versions unknown
Skyline Collector versions unknown
Unified Access Gateway versions unknown
vCenter Server Appliance versions 6.7 before 6.7u2c
vCenter Server Appliance versions 6.5 before 6.5u3
vCenter Server Appliance version 6.0
vCloud Availability Appliance versions unknown
vCloud Director For Service Providers versions unknown
vCloud Usage Meter versions unknown
vRealize Automation versions unknown
vRealize Business for Cloud versions unknown
vRealize Code Stream versions unknown
vRealize Log Insight versions unknown
vRealize Network Insight versions unknown
vRealize Operations Manager versions unknown
vRealize Orchestrator Appliance versions unknown
vRealize Suite Lifecycle Manager versions unknown
vSphere Data Protection versions unknown
vSphere Integrated Containers versions unknown
vSphere Replication versions unknown
Fixed version(s)
Unified Access Gateway version 3.6
vCenter Server Appliance version 6.7u2c
vCenter Server Appliance version 6.5u3
AppDefense version 2.2.1
SD-WAN Edge by VeloCloud version 3.3.0
SD-WAN Gateway by VeloCloud version 3.3.0
SD-WAN Orchestrator by VeloCloud version 3.3.0
Patch pending
Container Service Extension
Enterprise PKS
Horizon DaaS
Hybrid Cloud Extension
Identity Manager
Integrated OpenStack
NSX for vSphere
NSX-T Data Center
Pulse Console
Skyline Collector
vCloud Availability Appliance
vCloud Director For Service Providers
vCloud Usage Meter
vRealize Automation
vRealize Business for Cloud
vRealize Code Stream
vRealize Log Insight
vRealize Network Insight
vRealize Operations Manager
vRealize Orchestrator Appliance
vRealize Suite Lifecycle Manager
vSphere Data Protection
vSphere Integrated Containers
vSphere Replication
Proof of concept
Unknown
Description
A sequence of SACKs may be crafted such that one can trigger an integer overflow, leading to a kernel panic.
A malicious actor must have network access to an affected system including the ability to send traffic with low MSS values to the target. Successful exploitation of these issues may cause the target system to crash or significantly degrade performance.
Technical details
Unknown
Credits
Unknown
Reference(s)
VMSA-2019-0010
https://www.vmware.com/security/advisories/VMSA-2019-0010.html
Unified Access Gateway 3.6
https://my.vmware.com/web/vmware/details?downloadGroup=UAG-36&productId=897&rPId=34577
vCenter Server Appliance 6.5u3
https://my.vmware.com/web/vmware/details?downloadGroup=VC65U3&productId=614&rPId=34639
vCenter Server Appliance 6.7u2c
https://my.vmware.com/web/vmware/details?downloadGroup=VC67U2C&productId=742&rPId=34693
AppDefense 2.2.1
https://my.vmware.com/web/vmware/details?downloadGroup=APPDEFENSE-221&productId=742&rPId=35078
AppDefense Plug-In 2.2.1 Release Notes
https://docs.vmware.com/en/VMware-AppDefense/221/rn/appdefense-plugin-221-release-notes.html
SD-WAN Edge by VeloCloud 3.3.0
https://my.vmware.com/web/vmware/details?downloadGroup=SD-WAN-EDGE-330&productId=899&rPId=34579
SD-WAN Gateway by VeloCloud 3.3.0
https://my.vmware.com/web/vmware/details?downloadGroup=SD-WAN-VCG-330&productId=899&rPId=34582
SD-WAN Orchestrator by VeloCloud 3.3.0
https://my.vmware.com/web/vmware/details?downloadGroup=SD-WAN-ORC-330-2&productId=899&rPId=34580
[Security-announce] VMSA-2019-0010 VMware product updates address Linux kernel vulnerabilities in TCP Selective Acknowledgement (SACK) (CVE-2019-11477, CVE-2019-11478)
https://lists.vmware.com/pipermail/security-announce/2019/000460.html
ASA-2019-00365 – Linux kernel: Integer overflow while processing SACK blocks allows remote denial of service (SACK Panic)
https://allelesecurity.com/asa-2019-00365/
CVE-2019-11477
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477
CVE-2019-11477
https://nvd.nist.gov/vuln/detail/CVE-2019-11477
If there is any error in this alert or you wish for a comprehensive analysis, let us know.
Last modified: July 30, 2019