SACK-MSS-Vulnerability (CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479)

Summary

Several security vulnerabilities, listed below, have been raised that affect the Linux kernel’s networking subsystem.

These vulnerabilities are isolated to the processing of TCP Selective Acknowledgement (SACK) segments as well as the Maximum Segment Size (MSS) of TCP segments.

 Is LoadMaster vulnerable?

SACK and TSO are disabled in Kemp LoadMaster; therefore, default customer deployments will not be impacted by this vulnerability. However, if you have ever previously worked with Kemp to customize kernel options for a unique deployment scenario, reach out to Kemp Support to have your configuration validated.

 Is Kemp 360 Central vulnerable?

SACK and TSO are disabled in Kemp 360 Central; therefore, default customer deployments will not be impacted by this vulnerability. However, if you have ever previously worked with Kemp to customize kernel options for a unique deployment scenario, reach out to Kemp Support to have your configuration validated.

 Is Kemp 360 Vision vulnerable?

Kemp 360 Vision is not impacted due to SACK and TSO being disabled.

  ------------------------------------------------------------------------------------------------------------

 Additional information

For additional information about the discovered vulnerabilities:

CVE-2019-11477

CVE-2019-11478

CVE-2019-11479

These pages also include the latest links to the security pages for the platform providers.

 Kemp is committed to resolving security vulnerabilities carefully and quickly. If you think you have found a security flaw in a Kemp product, please send all supporting information to: securityalert@kemp.ax

 
