Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Tens of VMware Products affected by SACK Panic and SACK Slowness flaws

Tens of VMware products are affected by recently discovered SACK Panic and SACK Slowness Linux kernel vulnerabilities. At least 30 VMware products are affected by recently discovered SACK Panic and SACK Slowness Linux kernel vulnerabilities. The vulnerabilities could be exploited by a remote unauthenticated attacker to trigger a denial-of-service (DoS) condition and reboot vulnerable systems. Impacted products […]

VMware vROps

Tens of VMware products are affected by recently discovered SACK Panic and SACK Slowness Linux kernel vulnerabilities.

At least 30 VMware products are affected by recently discovered SACK Panic and SACK Slowness Linux kernel vulnerabilities.

The vulnerabilities could be exploited by a remote unauthenticated attacker to trigger a denial-of-service (DoS) condition and reboot vulnerable systems.

Impacted products are AppDefense, Container Service Extension, Enterprise PKS, Horizon, Hybrid Cloud Extension, Identity Manager, Integrated OpenStack, NSX, Pulse Console, SD-WAN, Skyline Collector, Unified Access Gateway, vCenter Server Appliance, vCloud, vRealize and vSphere products.

In the middle of June, Jonathan Looney, a security expert at Netflix, found three Linux DoS vulnerabilities, two of them related to the minimum segment size (MSS) and TCP Selective Acknowledgement (SACK) capabilities, and one related only to MSS.

The security holes, discovered by a researcher working for Netflix, are related to the way the kernel handles TCP Selective Acknowledgement (SACK) packets with a low minimum segment size (MSS). They could impact many devices, including servers, Android smartphones, and embedded systems.

The expert found a total of three vulnerabilities tracked as SACK Panic (CVE-2019-11477), SACK Slowness (CVE-2019-11478, which also impacts FreeBSD), and CVE-2019-11479.

According to VMware, both SACK Panic and SACK Slowness impact tens of its products. The SACK Panic issue was rated as “important” severity and received a CVSS score of 7.5, while the SACK Slowness was rated as “moderate” severity with a CVSS score of 5.3.

“Several vulnerabilities in the Linux kernel implementation of TCP Selective Acknowledgement (SACK) have been disclosed. These issues may allow a malicious entity to execute a Denial of Service attack against affected products.” reads the security advisory published by VMware.

“A malicious actor must have network access to an affected system including the ability to send traffic with low MSS values to the target. Successful exploitation of these issues may cause the target system to crash or significantly degrade performance,”.

VMware is already working to address the issues in each of the impacted products. At the time of writing, the company issued security updates for SD-WAN software, Unified Access Gateway, and vCenter Server Appliance.

VMware also provided some workarounds to protect Virtual Appliances against potential attacks, the experts suggest either disabling SACK or modifying the built in firewall (if available) in the base OS of the product to drop incoming connections with a low MSS value.

VMware also suggested workarounds for the vCloud Director for Service Providers Appliance.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – VMware, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]