Tens of VMware Products affected by SACK Panic and SACK Slowness flaws

Pierluigi Paganini July 04, 2019

Tens of VMware products are affected by recently discovered SACK Panic and SACK Slowness Linux kernel vulnerabilities.

At least 30 VMware products are affected by recently discovered SACK Panic and SACK Slowness Linux kernel vulnerabilities.

The vulnerabilities could be exploited by a remote unauthenticated attacker to trigger a denial-of-service (DoS) condition and reboot vulnerable systems.

Impacted products are AppDefense, Container Service Extension, Enterprise PKS, Horizon, Hybrid Cloud Extension, Identity Manager, Integrated OpenStack, NSX, Pulse Console, SD-WAN, Skyline Collector, Unified Access Gateway, vCenter Server Appliance, vCloud, vRealize and vSphere products.

In the middle of June, Jonathan Looney, a security expert at Netflix, found three Linux DoS vulnerabilities, two of them related to the minimum segment size (MSS) and TCP Selective Acknowledgement (SACK) capabilities, and one related only to MSS.

The security holes, discovered by a researcher working for Netflix, are related to the way the kernel handles TCP Selective Acknowledgement (SACK) packets with a low minimum segment size (MSS). They could impact many devices, including servers, Android smartphones, and embedded systems.

The expert found a total of three vulnerabilities tracked as SACK Panic (CVE-2019-11477), SACK Slowness (CVE-2019-11478, which also impacts FreeBSD), and CVE-2019-11479.

According to VMware, both SACK Panic and SACK Slowness impact tens of its products. The SACK Panic issue was rated as “important” severity and received a CVSS score of 7.5, while the SACK Slowness was rated as “moderate” severity with a CVSS score of 5.3.

“Several vulnerabilities in the Linux kernel implementation of TCP Selective Acknowledgement (SACK) have been disclosed. These issues may allow a malicious entity to execute a Denial of Service attack against affected products.” reads the security advisory published by VMware.

“A malicious actor must have network access to an affected system including the ability to send traffic with low MSS values to the target. Successful exploitation of these issues may cause the target system to crash or significantly degrade performance,”.

VMware is already working to address the issues in each of the impacted products. At the time of writing, the company issued security updates for SD-WAN software, Unified Access Gateway, and vCenter Server Appliance.

VMware also provided some workarounds to protect Virtual Appliances against potential attacks, the experts suggest either disabling SACK or modifying the built in firewall (if available) in the base OS of the product to drop incoming connections with a low MSS value.

VMware also suggested workarounds for the vCloud Director for Service Providers Appliance.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – VMware, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment