CVE-2019-11479 (retired)

Priority
Description
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded
to 48 bytes. This allows a remote peer to fragment TCP resend queues
significantly more than if a larger MSS were enforced. A remote attacker
could use this to cause a denial of service. This has been fixed in stable
kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed
in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and
5f3e2bf008c2221478101ee72f5cb4654b9fc363.
Ubuntu-Description
Jonathan Looney discovered that the Linux kernel could be coerced into
segmenting responses into multiple TCP segments. A remote attacker
could construct an ongoing sequence of requests to cause a denial of
service.
Mitigation
This can be mitigated by dropping all packets which specify a too small
MSS value. For example, to only allow MSS values of greater than 500
bytes, an iptables rule can be specified as:
sudo iptables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP
Note: this will only take effect if the net.ipv4.tcp_mtu_probing sysctl is
disabled as well.
Assigned-to
tyhicks
Notes
tyhicksThis issue is primarily due to the TCP spec not defining a minimum
value for the Minimum Segment Size (MSS). The Linux kernel cannot safely put
a restriction on the MSS because it may break valid TCP connections. This
issue will be addressed by allowing a system administrator to raise the
smallest acceptable MSS value but there will be no default mitigation by
default.
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (5.2~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):ignored (was needed ESM criteria)
Ubuntu 14.04 ESM (Trusty Tahr):ignored (was needed ESM criteria)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-154.181)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-54.58)
Ubuntu 19.04 (Disco Dingo):released (5.0.0-20.21)
Ubuntu 19.10 (Eoan):not-affected (5.0.0-20.21)
Patches:
Introduced by
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed by
5f3e2bf008c2221478101ee72f5cb4654b9fc363
Introduced by
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed by
967c05aee439e6e5d7d805e195b3a20ef5c433d6
Package
Upstream:released (5.2~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):released (4.4.0-1048.52)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1087.98)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1043.45)
Ubuntu 19.04 (Disco Dingo):released (5.0.0-1010.11)
Ubuntu 19.10 (Eoan):not-affected (5.0.0-1010.11)
Package
Upstream:released (5.2~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-1043.45~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (5.2~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):released (4.15.0-1049.54~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-1049.54)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.18.0-1023.24~18.04.1)
Ubuntu 19.04 (Disco Dingo):released (5.0.0-1010.10)
Ubuntu 19.10 (Eoan):not-affected (5.0.0-1010.10)
Package
Upstream:released (5.2~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-1049.54)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.18.0-1023.24~18.04.1)
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (5.2~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (was needed now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (5.2~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (5.2~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-1036.38~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1036.38)
Ubuntu 19.04 (Disco Dingo):released (5.0.0-1010.10)
Ubuntu 19.10 (Eoan):not-affected (5.0.0-1010.10)
Package
Upstream:released (5.2~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):released (4.18.0-1015.16~18.04.1)
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (5.2~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (5.2~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1036.38)
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (5.2~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (5.0.0-1011.11~18.04.1)
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (5.2~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (5.2~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (5.2~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-54.58~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.18.0-25.26~18.04.1)
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (5.2~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-54.58~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (5.0.0-20.21~18.04.1)
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (5.2~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1051.58)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1038.38)
Ubuntu 19.04 (Disco Dingo):released (5.0.0-1010.11)
Ubuntu 19.10 (Eoan):not-affected (5.0.0-1010.11)
Package
Upstream:released (5.2~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):ignored (was needed ESM criteria)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (5.2~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (5.2~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (5.2~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (5.2~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):released (4.4.0-154.181~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (5.2~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (5.2~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (5.2~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (5.2~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (was needed now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1045.50)
Ubuntu 19.04 (Disco Dingo):released (4.15.0-1045.50)
Ubuntu 19.10 (Eoan):not-affected (4.15.0-1045.50)
Package
Upstream:released (5.2~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-1017.19~16.04.2)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1017.19)
Ubuntu 19.04 (Disco Dingo):released (4.15.0-1017.19)
Ubuntu 19.10 (Eoan):not-affected (4.15.0-1017.19)
Package
Upstream:released (5.2~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1114.123)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1040.43)
Ubuntu 19.04 (Disco Dingo):released (5.0.0-1012.12)
Ubuntu 19.10 (Eoan):not-affected (5.0.0-1012.12)
Package
Upstream:released (5.2~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1118.124)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1057.62)
Ubuntu 19.04 (Disco Dingo):released (5.0.0-1016.17)
Ubuntu 19.10 (Eoan):not-affected (5.0.0-1016.17)
More Information

Updated: 2019-10-09 08:05:07 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)