Are you interested in our Early Access Program (EAP)? This program allows you to preview code, test in your lab and provide feedback prior to General Availability (GA) release of all Infoblox products. If so, please click the link here.

NIOS DNS DHCP IPAM

Reply

CVE-2019-11477

Techie
Posts: 4
5890     0

Hi,

 

There are good reasons to believe that NIOS, being built on Linux, is susceptible to among others CVE-2019-11477, the selective ACK kernel panic vulnerability recently disclosed by Netflix. I got the mail today about KB 2899: security alerts being recently updated, but nothing about this SACK panic "feature".

- Anyone got any news on this?
- Anyone tested an appliance against it?

 

Netflix advisory: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md

RedHat advisory: https://access.redhat.com/security/vulnerabilities/tcpsack

 

BR,

 

Re: CVE-2019-11477

Expert
Posts: 65
5891     0

KB 10615 posted yesterday for NIOS 8.4.0-8.4.3.  Hotfix available for 8.4.3.

https://support.infoblox.com/app/answers/detail/a_id/10615

Re: CVE-2019-11477

[ Edited ]
Techie
Posts: 4
5891     0

No cookie. That hotfix addresses CVE-2019-6471, not CVE-2019-11477.

 

BR,

 

 

Re: CVE-2019-11477

Expert
Posts: 65
5891     0

Sorry, I read it too fast... yesterday I heard from someone on the NetMRI team that NetMRI is not affected and that a KB would be posted today, as soon as the NIOS one was posted.   So expect it soon.

Re: CVE-2019-11477

Techie
Posts: 4
5891     0

The vulnerability notice, with associated hotfix and instruction, was made available some 20 hours ago: https://support.infoblox.com/app/answers/detail/a_id/10622

 

Re: CVE-2019-11477

Member
Posts: 1
5891     0

Hi,

 

applied this hotfix on a test Grid, worked fine.

No affect on DNS Service at all

 

Thanks,

Fredrik

Re: CVE-2019-11477

Techie
Posts: 4
5891     0

Thank you. Good to know it was a smooth process.

 

Showing results for 
Search instead for 
Did you mean: 

Recommended for You