Reply

CVE-2019-11477

New Member
Posts: 5
7724     0

Hi,

 

There are good reasons to believe that NIOS, being built on Linux, is susceptible to among others CVE-2019-11477, the selective ACK kernel panic vulnerability recently disclosed by Netflix. I got the mail today about KB 2899: security alerts being recently updated, but nothing about this SACK panic "feature".

- Anyone got any news on this?
- Anyone tested an appliance against it?

 

Netflix advisory: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md

RedHat advisory: https://access.redhat.com/security/vulnerabilities/tcpsack

 

BR,

 

Re: CVE-2019-11477

Expert
Posts: 70
7724     0

KB 10615 posted yesterday for NIOS 8.4.0-8.4.3.  Hotfix available for 8.4.3.

https://support.infoblox.com/app/answers/detail/a_id/10615

Re: CVE-2019-11477

[ Edited ]
New Member
Posts: 5
7724     0

No cookie. That hotfix addresses CVE-2019-6471, not CVE-2019-11477.

 

BR,

 

 

Re: CVE-2019-11477

Expert
Posts: 70
7724     0

Sorry, I read it too fast... yesterday I heard from someone on the NetMRI team that NetMRI is not affected and that a KB would be posted today, as soon as the NIOS one was posted.   So expect it soon.

Re: CVE-2019-11477

New Member
Posts: 5
7724     0

The vulnerability notice, with associated hotfix and instruction, was made available some 20 hours ago: https://support.infoblox.com/app/answers/detail/a_id/10622

 

Re: CVE-2019-11477

New Member
Posts: 1
7724     0

Hi,

 

applied this hotfix on a test Grid, worked fine.

No affect on DNS Service at all

 

Thanks,

Fredrik

Re: CVE-2019-11477

New Member
Posts: 5
7724     0

Thank you. Good to know it was a smooth process.

 

Showing results for 
Search instead for 
Did you mean: 

Recommended for You