CVE-2019-11477

ÅNordin_1 · ‎06-20-2019

Hi,

There are good reasons to believe that NIOS, being built on Linux, is susceptible to among others CVE-2019-11477, the selective ACK kernel panic vulnerability recently disclosed by Netflix. I got the mail today about KB 2899: security alerts being recently updated, but nothing about this SACK panic "feature".

- Anyone got any news on this?
- Anyone tested an appliance against it?

Netflix advisory: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md

RedHat advisory: https://access.redhat.com/security/vulnerabilities/tcpsack

BR,

MAdkins · ‎06-20-2019

KB 10615 posted yesterday for NIOS 8.4.0-8.4.3. Hotfix available for 8.4.3.

https://support.infoblox.com/app/answers/detail/a_id/10615

ÅNordin_1 · ‎06-20-2019

No cookie. That hotfix addresses CVE-2019-6471, not CVE-2019-11477.

BR,

MAdkins · ‎06-20-2019

Sorry, I read it too fast... yesterday I heard from someone on the NetMRI team that NetMRI is not affected and that a KB would be posted today, as soon as the NIOS one was posted. So expect it soon.

ÅNordin_1 · ‎06-22-2019

The vulnerability notice, with associated hotfix and instruction, was made available some 20 hours ago: https://support.infoblox.com/app/answers/detail/a_id/10622

ssk_fredrik · ‎06-26-2019

Hi,

applied this hotfix on a test Grid, worked fine.

No affect on DNS Service at all

Thanks,

Fredrik

ÅNordin_1 · ‎06-28-2019

Thank you. Good to know it was a smooth process.

THE GAME HAS CHANGED

NIOS DNS DHCP IPAM

CVE-2019-11477

Re: CVE-2019-11477

Re: CVE-2019-11477

Re: CVE-2019-11477

Re: CVE-2019-11477

Re: CVE-2019-11477

Re: CVE-2019-11477