VMSA-2019-0010: VMware product updates address Linux kernel vulnerabilities in TCP Selective Acknowledgement (SACK)

VMware

01 July 2019

Advisory ID: VMSA-2019-0010.3
Advisory Severity: Important
CVSSv3 Range: 5.3 - 7.5
Synopsis: VMware product updates address Linux kernel vulnerabilities in TCP Selective Acknowledgement (SACK) (CVE-2019-11477, CVE-2019-11478)
Issue Date: 2019-07-02
Updated On: 2020-02-25
CVE(s): CVE-2019-11477, CVE-2019-11478
1. Impacted Products
  • AppDefense
  • Container Service Extension
  • Enterprise PKS
  • Horizon DaaS
  • Hybrid Cloud Extension
  • Identity Manager
  • Integrated OpenStack
  • NSX for vSphere
  • NSX-T Data Center
  • Pulse Console
  • SD-WAN Edge by VeloCloud
  • SD-WAN Gateway by VeloCloud
  • SD-WAN Orchestrator by VeloCloud
  • Site Recovery Manager (Virtual Appliance)
  • Skyline Collector
  • Unified Access Gateway
  • vCenter Server Appliance
  • vCloud Availability Appliance
  • vCloud Director For Service Providers
  • vCloud Usage Meter
  • vRealize Automation
  • vRealize Business for Cloud
  • vRealize Code Stream
  • vRealize Log Insight
  • vRealize Network Insight
  • vRealize Operations Manager
  • vRealize Orchestrator Appliance
  • vRealize Suite Lifecycle Manager
  • vSphere Data Protection
  • vSphere Integrated Containers
  • vSphere Replication
2. Introduction
Several vulnerabilities in the Linux kernel implementation of TCP Selective Acknowledgement (SACK) have been disclosed. These issues may allow a malicious entity to execute a Denial of Service attack against affected products.
3. Linux kernel vulnerabilities in TCP Selective Acknowledgement (SACK) CVE-2019-11477, CVE-2019-11478

Description:

There are two uniquely identifiable vulnerabilities associated with the Linux kernel implementation of SACK:

  • CVE-2019-11477 - SACK Panic - A sequence of SACKs may be crafted such that one can trigger an integer overflow, leading to a kernel panic. The value that overflows is the 16-bit per-skb segment count (tcp_gso_segs): a peer that advertises a very small MSS can make a single skb in the retransmission queue stand for more than 65535 segments. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.5.
  • CVE-2019-11478 - SACK Excess Resource Usage - A crafted sequence of SACKs fragments the TCP retransmission queue into many small segments, causing excessive CPU and memory consumption (resource exhaustion) on the target. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.

Known Attack Vectors:

A malicious actor must have network access to an affected system, including the ability to send TCP traffic that advertises a low MSS value to the target (Linux accepts an MSS as low as 48 bytes; the upstream kernel fix adds the net.ipv4.tcp_min_snd_mss sysctl so that administrators can raise this floor). No authentication is required. Successful exploitation of these issues may cause the target system to crash (CVE-2019-11477) or significantly degrade its performance (CVE-2019-11478).

Resolution:

To remediate CVE-2019-11477 and CVE-2019-11478, update/upgrade to the versions listed in the 'Fixed Version' column of the 'Response Matrix' found below.

Workarounds:

Some VMware Virtual Appliances can work around CVE-2019-11477 and CVE-2019-11478 by either disabling SACK or by modifying the built-in firewall (if available) in the base OS of the product to drop incoming connections that advertise a low MSS value. In-product workarounds (if available) are enumerated in the 'Workarounds' column of the 'Response Matrix' found below. Note that disabling SACK reduces TCP throughput on lossy network paths, so prefer the fixed version wherever one is available.
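The following is an added example, written for this page and not taken from the advisory or from any VMware product code. It serves two passages: the Description above (why a peer advertising a tiny MSS can overflow the kernel's 16-bit per-skb segment counter behind CVE-2019-11477) and the Workarounds paragraph (the check a firewall performs when it drops incoming connections that advertise a low MSS value). The kernel figures it uses (17 fragments of 32 KiB per skb on x86, a 48-byte minimum MSS that can leave 8 bytes of payload per segment) come from the upstream fix description; the 500-byte DROP threshold, the sample SYN segments and the helper names are assumptions made here.

```python
"""Added example, not part of VMSA-2019-0010 or any VMware code.

Part 1 shows why a peer advertising a tiny MSS matters for CVE-2019-11477:
Linux keeps the number of TCP segments an skb stands for in a 16-bit field
(TCP_SKB_CB(skb)->tcp_gso_segs).  Part 2 implements the check behind the
"drop incoming connections with a low MSS value" workaround: parse the TCP
options of a SYN, pull out the MSS, and decide ACCEPT or DROP.  The sample
SYN segments are constructed here; the 500-byte threshold is an assumption
taken from commonly published iptables mitigations, not from the advisory.
"""
from __future__ import annotations

import struct

# Part 1: the 16-bit segment counter ------------------------------------------
MAX_SKB_FRAGS = 17            # page fragments one skb can carry
FRAG_SIZE_X86 = 32 * 1024     # bytes per fragment on x86
MAX_SKB_PAYLOAD = MAX_SKB_FRAGS * FRAG_SIZE_X86   # 557,056 bytes
# The smallest MSS Linux accepts is 48 (now tunable via net.ipv4.tcp_min_snd_mss).
# That figure includes up to 40 bytes of TCP options, so it can leave as little
# as 8 bytes of payload per segment.
MIN_PAYLOAD_PER_SEGMENT = 8


def segments_for_skb(payload_len: int, bytes_per_segment: int) -> tuple[int, int]:
    """Return (true segment count, what a u16 counter would store)."""
    if bytes_per_segment <= 0:
        raise ValueError("bytes_per_segment must be positive")
    true_count = -(-payload_len // bytes_per_segment)   # ceiling division
    return true_count, true_count & 0xFFFF


def counter_overflows(payload_len: int, bytes_per_segment: int) -> bool:
    """True when the u16 tcp_gso_segs field cannot hold the real count."""
    true_count, stored = segments_for_skb(payload_len, bytes_per_segment)
    return stored != true_count


# Part 2: the low-MSS check a firewall workaround performs ----------------------
MSS_DROP_THRESHOLD = 500   # assumed threshold; tune for your environment


def tcp_mss_from_syn(tcp_segment: bytes) -> int | None:
    """Return the MSS advertised in a SYN's TCP options, or None if absent.

    tcp_segment is the TCP header plus options (no IP header).  Non-SYN
    segments return None because the MSS option is only meaningful on
    SYN and SYN/ACK.  Malformed option lists raise ValueError.
    """
    if len(tcp_segment) < 20:
        raise ValueError("short TCP header")
    hdr_len = (tcp_segment[12] >> 4) * 4
    if hdr_len < 20 or hdr_len > len(tcp_segment):
        raise ValueError("bad data offset")
    if not tcp_segment[13] & 0x02:        # SYN flag
        return None
    opts = tcp_segment[20:hdr_len]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                     # End of Option List
            break
        if kind == 1:                     # No-Operation
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        if kind == 2 and length == 4:     # Maximum Segment Size
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return None


def syn_verdict(tcp_segment: bytes, threshold: int = MSS_DROP_THRESHOLD) -> str:
    """DROP a SYN that advertises an MSS below threshold, else ACCEPT.

    A SYN without an MSS option is accepted: the receiver then assumes the
    RFC default of 536 bytes, which is above any sensible threshold.
    """
    mss = tcp_mss_from_syn(tcp_segment)
    return "DROP" if mss is not None and mss < threshold else "ACCEPT"


def build_syn(mss: int | None, src_port: int = 40000, dst_port: int = 443) -> bytes:
    """Construct a sample SYN (header + options, zero checksum) for testing."""
    opts = struct.pack("!BBH", 2, 4, mss) if mss is not None else b""
    opts += b"\x01\x03\x03\x07"           # NOP + Window Scale (shift 7)
    opts += b"\x00" * (-len(opts) % 4)    # pad to a 32-bit boundary with EOL
    hdr_len = 20 + len(opts)
    offset_and_flags = ((hdr_len // 4) << 12) | 0x002   # SYN
    header = struct.pack("!HHIIHHHH", src_port, dst_port, 0x1000, 0,
                         offset_and_flags, 65535, 0, 0)
    return header + opts


if __name__ == "__main__":
    true_count, stored = segments_for_skb(MAX_SKB_PAYLOAD, MIN_PAYLOAD_PER_SEGMENT)
    print(f"max skb at 8 bytes/segment: {true_count} segments, u16 holds {stored}")
    for mss in (48, 200, 536, 1460, None):
        print(f"SYN with MSS {mss}: {syn_verdict(build_syn(mss))}")
```

On a Linux appliance whose firewall you are allowed to edit, the same policy is usually expressed as `iptables -I INPUT -p tcp --tcp-flags SYN SYN -m tcpmss --mss 1:500 -j DROP` (plus the matching ip6tables rule), and SACK is turned off with `sysctl -w net.ipv4.tcp_sack=0`; these commands are the general Linux mitigation, not something this advisory prescribes, and the product-specific KB articles listed in the Response Matrix take precedence because several appliances manage their own firewall configuration.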

Additional Documentations:

None.

Acknowledgements:

None.

Response Matrix:

Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documents
AppDefense | 2.x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 2.2.1 | None | None
Container Service Extension | 2.x.y | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 2.5.0 | None | None
Enterprise PKS | 1.4.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 1.4.3 | None | None
Enterprise PKS | 1.3.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 1.3.7 | None | None
Horizon DaaS | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None
Hybrid Cloud Extension | 3.x.y | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 3.5.2 | None | None
Identity Manager | 3.x.y | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 3.3.1 | None | None
Integrated OpenStack | 5.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 5.1.0.3 | None | None
Integrated OpenStack | 4.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 4.1.2.3 | None | None
NSX for vSphere | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 6.4.6 | KB71311 | None
NSX-T Data Center | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 2.5.0 | None | None
Pulse Console | 1.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | No Patch Planned | None | None
SD-WAN Edge by VeloCloud | x.x | Any | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 3.3.0 | None | None
SD-WAN Gateway by VeloCloud | x.x | Any | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 3.3.0 | None | None
SD-WAN Orchestrator by VeloCloud | x.x | Any | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 3.3.0 | None | None
Site Recovery Manager | 8.2.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 8.2.0.1 | None | None
Site Recovery Manager | x.x | Windows | CVE-2019-11477, CVE-2019-11478 | N/A | N/A | Unaffected | N/A | N/A
Skyline Collector | 1.x, 2.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 2.2 | None | None
Unified Access Gateway | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 3.6 | KB70899 | None
vCenter Server Appliance | 6.7 | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 6.7u2c | None | None
vCenter Server Appliance | 6.5 | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 6.5u3 | None | None
vCenter Server Appliance | 6.0 | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 6.0u3j | None | None
vCloud Availability Appliance | 3.x.y | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 3.0.2 | None | None
vCloud Director For Service Providers | 9.7.x.y | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 9.7.0.2 | KB70900 | None
vCloud Director For Service Providers | 9.5.x.y | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 9.5.0.4 | KB70900 | None
vCloud Usage Meter | 4.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 4.1.0.1 | None | None
vRealize Automation | 7.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 8.0.0 | KB77078 | None
vRealize Business for Cloud | 7.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | No Patch Planned | KB77201 | None
vRealize Code Stream | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None
vRealize Log Insight | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 8.1.1 | KB70892 | None
vRealize Network Insight | 4.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 4.2 | None | None
vRealize Operations Manager | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 8.0.0 | KB71029 | None
vRealize Orchestrator Appliance | 7.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 8.0.0 | None | None
vRealize Suite Lifecycle Manager | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 8.0 | None | None
vSphere Data Protection | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | No Patch Planned | None | None
vSphere Integrated Containers | 1.x.y | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 1.5.3 | None | None
vSphere Replication | 8.2.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 8.2.0.1 | None | None
vSphere Replication | 8.1.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None
vSphere Replication | 6.5.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 6.5.1.4 | None | None
vSphere Replication | 6.1.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | No Patch Planned | None | None

4. References

Mitre CVE Dictionary Links:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11478

Fixed Version(s) and Release Notes:

AppDefense 2.2.1
Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=APPDEFENSE-221&productId=742&rPId=35078
Documentation:
https://docs.vmware.com/en/VMware-AppDefense/221/rn/appdefense-plugin-221-release-notes.html

Container Service Extension 2.5.0
Downloads and Documentation:
https://github.com/vmware/container-service-extension/releases/tag/2.5.0

Enterprise PKS 1.4.3
Downloads and Documentation:
https://network.pivotal.io/products/pivotal-container-service/#/releases/473809

Enterprise PKS 1.3.7
Downloads:
https://network.pivotal.io/products/pivotal-container-service/#/releases/384407
Documentation:
https://docs.vmware.com/en/VMware-Enterprise-PKS/1.3/rn/VMware-PKS-13-Release-Notes.html#v1.3.7

Hybrid Cloud Extension 3.5.2
Downloads and Documentation:
https://my.vmware.com/en/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_hcx/3_5_2

Identity Manager 3.3.1
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=VIDM_ONPREM_3310&productId=938&rPId=40716

Integrated OpenStack 5.1.0.3
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=VIO-5103&productId=821&rPId=36089

Integrated OpenStack 4.1.2.3
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=VIO-4123&productId=709&rPId=36084

Site Recovery Manager 8.2.0.1 Virtual Appliance
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=SRM8201&productId=889&rPId=35694

Unified Access Gateway 3.6
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=UAG-36&productId=897&rPId=34577

vCenter Server Appliance 6.7u2c
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=VC67U2C&productId=742&rPId=34693

vCenter Server Appliance 6.5u3
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=VC65U3&productId=614&rPId=34639

vCenter Server Appliance 6.0u3j
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=VC60U3J&productId=491&rPId=38009

vCloud Availability 3.0.2
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=VCAV3&productId=872&rPId=34687

vCloud Director For Service Providers 9.7.0.2
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?productId=867&downloadGroup=VSPP_VCD9702

vCloud Director For Service Providers 9.5.0.4
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?productId=804&downloadGroup=VSPP_VCD9504

vCloud Usage Meter 4.1.0.1
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=UMSV41&productId=929&rPId=37630

vRealize Automation 8.0
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?productId=935&rPId=40695&downloadGroup=VRA-800

SD-WAN Edge by VeloCloud 3.3.0
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=SD-WAN-EDGE-330&productId=899&rPId=34579

SD-WAN Gateway by VeloCloud 3.3.0
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=SD-WAN-VCG-330&productId=899&rPId=34582

SD-WAN Orchestrator by VeloCloud 3.3.0
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=SD-WAN-ORC-330-2&productId=899&rPId=34580

vRealize Log Insight 8.1.1
Downloads and Documentation:
https://my.vmware.com/en/web/vmware/downloads/details?downloadGroup=VRLI-811&productId=993&rPId=47157

vRealize Network Insight 4.2.0
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=VRNI-420&productId=832&rPId=35011

vRealize Operations 8.0.0
Downloads and Documentation:
https://my.vmware.com/en/web/vmware/downloads/details?downloadGroup=VROPS-800&productId=940&rPId=40733

vRealize Orchestrator Appliance 8.0.0
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?productId=742&downloadGroup=VROVA-800

vRealize Suite Lifecycle Manager 8.0
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?productId=938&rPId=40713&downloadGroup=VRSLCM-800

vSphere Integrated Containers 1.5.3
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?productId=843&rPId=37633&downloadGroup=VIC153

vSphere Replication 8.2.0.1
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=VR8201&productId=742&rPId=35626

vSphere Replication 6.5.1.4
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=VR6514&productId=614&rPId=35279

Workarounds:

KB70900 (vCloud Director For Service Providers): https://kb.vmware.com/s/article/70900
KB70899 (Unified Access Gateway): https://kb.vmware.com/s/article/70899
KB71311 (NSX for vSphere): https://kb.vmware.com/s/article/71311
KB70892 (vRealize Log Insight): https://kb.vmware.com/s/article/70892
KB71029 (vRealize Operations Manager): https://kb.vmware.com/s/article/71029
KB77201 (vRealize Business for Cloud): https://kb.vmware.com/s/article/77201
KB77078 (vRealize Automation): https://kb.vmware.com/s/article/77078


5. Change log

2019-07-02: VMSA-2019-0010
Initial security advisory detailing remediations and/or workarounds for SD-WAN, Unified Access Gateway, vCenter Server Appliance, and vCloud Director For Service Providers.

2019-07-24: VMSA-2019-0010.1
Updated security advisory with remediation information for the vCenter 6.7 and AppDefense 2.x release lines and removed Horizon from affected products as it was incorrectly listed.

2019-08-08: VMSA-2019-0010.2
Updated security advisory with remediation information for the vSphere Replication 6.5.x release line.


6. Contact

E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:
  [email protected]
  [email protected]
  [email protected]

E-mail: [email protected]
PGP key at:
https://kb.vmware.com/kb/1055

VMware Security Advisories
https://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog
https://blogs.vmware.com/security

Twitter
https://twitter.com/VMwareSRC

Copyright 2019 VMware Inc. All rights reserved.