2019-04-23 19:00:50 +00:00
{
2020-01-15 20:01:19 +00:00
"CVE_data_meta" : {
"ASSIGNER" : "security@ubuntu.com" ,
"DATE_PUBLIC" : "2019-06-17T00:00:00.000Z" ,
"ID" : "CVE-2019-11479" ,
"STATE" : "PUBLIC"
2019-04-23 19:00:50 +00:00
} ,
2020-01-15 20:01:19 +00:00
"affects" : {
"vendor" : {
"vendor_data" : [
2019-06-17 16:21:26 -07:00
{
2020-01-15 20:01:19 +00:00
"product" : {
"product_data" : [
2019-06-17 16:21:26 -07:00
{
2020-01-15 20:01:19 +00:00
"product_name" : "Linux kernel" ,
"version" : {
"version_data" : [
2019-06-17 16:21:26 -07:00
{
2020-01-15 20:01:19 +00:00
"version_affected" : "<" ,
"version_name" : "4.4" ,
"version_value" : "4.4.182"
2019-06-17 16:21:26 -07:00
} ,
{
2020-01-15 20:01:19 +00:00
"version_affected" : "<" ,
"version_name" : "4.9" ,
"version_value" : "4.9.182"
2019-06-17 16:21:26 -07:00
} ,
{
2020-01-15 20:01:19 +00:00
"version_affected" : "<" ,
"version_name" : "4.14" ,
"version_value" : "4.14.127"
2019-06-17 16:21:26 -07:00
} ,
{
2020-01-15 20:01:19 +00:00
"version_affected" : "<" ,
"version_name" : "4.19" ,
"version_value" : "4.19.52"
2019-06-17 16:21:26 -07:00
} ,
{
2020-01-15 20:01:19 +00:00
"version_affected" : "<" ,
"version_name" : "5.1" ,
"version_value" : "5.1.11"
2019-06-17 16:21:26 -07:00
}
]
}
}
]
} ,
2020-01-15 20:01:19 +00:00
"vendor_name" : "Linux"
2019-06-17 16:21:26 -07:00
}
]
}
} ,
2020-01-15 20:01:19 +00:00
"credit" : [
2019-06-17 16:21:26 -07:00
{
2020-01-15 20:01:19 +00:00
"lang" : "eng" ,
"value" : "Jonathan Looney from Netflix"
2019-06-17 16:21:26 -07:00
}
] ,
2020-01-15 20:01:19 +00:00
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
"value" : "Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363."
2019-06-17 16:21:26 -07:00
}
]
} ,
2020-01-15 20:01:19 +00:00
"generator" : {
"engine" : "Vulnogram 0.0.7"
2019-06-17 16:21:26 -07:00
} ,
2020-01-15 20:01:19 +00:00
"impact" : {
"cvss" : {
"attackComplexity" : "LOW" ,
"attackVector" : "NETWORK" ,
"availabilityImpact" : "LOW" ,
"baseScore" : 5.3 ,
"baseSeverity" : "MEDIUM" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "NONE" ,
"privilegesRequired" : "NONE" ,
"scope" : "UNCHANGED" ,
"userInteraction" : "NONE" ,
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" ,
"version" : "3.0"
2019-06-17 16:21:26 -07:00
}
} ,
2020-01-15 20:01:19 +00:00
"problemtype" : {
"problemtype_data" : [
2019-06-17 16:21:26 -07:00
{
2020-01-15 20:01:19 +00:00
"description" : [
2019-06-17 16:21:26 -07:00
{
2020-01-15 20:01:19 +00:00
"lang" : "eng" ,
"value" : "CWE-405 Asymmetric Resource Consumption (Amplification)"
2019-06-17 16:21:26 -07:00
}
]
2019-04-23 19:00:50 +00:00
}
]
2019-06-17 16:21:26 -07:00
} ,
2020-01-15 20:01:19 +00:00
"references" : {
"reference_data" : [
2019-06-19 15:00:48 +00:00
{
2020-01-15 20:01:19 +00:00
"refsource" : "BID" ,
"name" : "108818" ,
"url" : "http://www.securityfocus.com/bid/108818"
2019-06-19 20:00:46 +00:00
} ,
2019-06-20 20:00:46 +00:00
{
2020-01-15 20:01:19 +00:00
"refsource" : "CERT-VN" ,
"name" : "VU#905115" ,
"url" : "https://www.kb.cert.org/vuls/id/905115"
2019-06-25 07:00:47 +00:00
} ,
2019-06-25 13:00:48 +00:00
{
2020-01-15 20:01:19 +00:00
"refsource" : "REDHAT" ,
"name" : "RHSA-2019:1594" ,
"url" : "https://access.redhat.com/errata/RHSA-2019:1594"
2019-06-25 21:00:48 +00:00
} ,
{
2020-01-15 20:01:19 +00:00
"refsource" : "REDHAT" ,
"name" : "RHSA-2019:1602" ,
"url" : "https://access.redhat.com/errata/RHSA-2019:1602"
2019-06-27 00:00:51 +00:00
} ,
2019-06-28 21:00:58 +00:00
{
2020-01-15 20:01:19 +00:00
"refsource" : "MLIST" ,
"name" : "[oss-security] 20190628 Re: linux-distros membership application - Microsoft" ,
"url" : "http://www.openwall.com/lists/oss-security/2019/06/28/2"
2019-06-29 07:01:03 +00:00
} ,
{
2020-01-15 20:01:19 +00:00
"refsource" : "UBUNTU" ,
"name" : "USN-4041-2" ,
"url" : "https://usn.ubuntu.com/4041-2/"
2019-07-07 00:01:00 +00:00
} ,
{
2020-01-15 20:01:19 +00:00
"refsource" : "MLIST" ,
"name" : "[oss-security] 20190706 Re: linux-distros membership application - Microsoft" ,
"url" : "http://www.openwall.com/lists/oss-security/2019/07/06/3"
2019-07-07 00:01:00 +00:00
} ,
{
2020-01-15 20:01:19 +00:00
"refsource" : "MLIST" ,
"name" : "[oss-security] 20190706 Re: linux-distros membership application - Microsoft" ,
"url" : "http://www.openwall.com/lists/oss-security/2019/07/06/4"
2019-07-08 12:01:06 +00:00
} ,
{
2020-01-15 20:01:19 +00:00
"refsource" : "REDHAT" ,
"name" : "RHSA-2019:1699" ,
"url" : "https://access.redhat.com/errata/RHSA-2019:1699"
2019-07-08 19:00:48 +00:00
} ,
{
2020-01-15 20:01:19 +00:00
"refsource" : "UBUNTU" ,
"name" : "USN-4041-1" ,
"url" : "https://usn.ubuntu.com/4041-1/"
2019-09-10 13:00:52 +00:00
} ,
2020-10-20 22:02:32 +00:00
{
"url" : "https://www.oracle.com/security-alerts/cpujan2020.html" ,
"refsource" : "MISC" ,
"name" : "https://www.oracle.com/security-alerts/cpujan2020.html"
} ,
{
"url" : "https://www.oracle.com/security-alerts/cpuoct2020.html" ,
"refsource" : "MISC" ,
"name" : "https://www.oracle.com/security-alerts/cpuoct2020.html"
} ,
{
"refsource" : "MISC" ,
"url" : "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" ,
"name" : "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
} ,
{
"refsource" : "MISC" ,
"url" : "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" ,
"name" : "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic"
} ,
{
"refsource" : "MISC" ,
"url" : "https://access.redhat.com/security/vulnerabilities/tcpsack" ,
"name" : "https://access.redhat.com/security/vulnerabilities/tcpsack"
} ,
{
"refsource" : "CONFIRM" ,
"name" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" ,
"url" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
} ,
{
"refsource" : "CONFIRM" ,
"name" : "https://www.synology.com/security/advisory/Synology_SA_19_28" ,
"url" : "https://www.synology.com/security/advisory/Synology_SA_19_28"
} ,
{
"refsource" : "CONFIRM" ,
"name" : "https://security.netapp.com/advisory/ntap-20190625-0001/" ,
"url" : "https://security.netapp.com/advisory/ntap-20190625-0001/"
} ,
{
"refsource" : "CONFIRM" ,
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10287" ,
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10287"
} ,
2019-09-10 13:00:52 +00:00
{
2020-01-15 20:01:19 +00:00
"refsource" : "CONFIRM" ,
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" ,
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"
2019-09-24 16:01:00 +00:00
} ,
{
2020-01-15 20:01:19 +00:00
"refsource" : "MISC" ,
"name" : "https://www.us-cert.gov/ics/advisories/icsa-19-253-03" ,
"url" : "https://www.us-cert.gov/ics/advisories/icsa-19-253-03"
2019-10-09 20:01:06 +00:00
} ,
{
2020-01-15 20:01:19 +00:00
"refsource" : "CONFIRM" ,
2020-10-20 22:02:32 +00:00
"name" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt" ,
"url" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt"
2020-01-14 15:46:23 -08:00
} ,
{
2020-01-15 20:01:19 +00:00
"refsource" : "MISC" ,
2020-10-20 22:02:32 +00:00
"url" : "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363" ,
"name" : "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363"
2020-06-19 19:01:22 +00:00
} ,
{
"refsource" : "MISC" ,
2020-10-20 22:02:32 +00:00
"url" : "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6" ,
"name" : "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6"
2020-09-15 21:01:32 +00:00
} ,
{
"refsource" : "CONFIRM" ,
2020-10-20 22:02:32 +00:00
"name" : "https://support.f5.com/csp/article/K35421172" ,
"url" : "https://support.f5.com/csp/article/K35421172"
} ,
{
"refsource" : "CONFIRM" ,
"name" : "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008" ,
"url" : "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008"
2020-10-20 12:39:21 -07:00
} ,
{
2020-10-20 22:02:32 +00:00
"refsource" : "CONFIRM" ,
"name" : "https://support.f5.com/csp/article/K35421172?utm_source=f5support&utm_medium=RSS" ,
"url" : "https://support.f5.com/csp/article/K35421172?utm_source=f5support&utm_medium=RSS"
} ,
{
"refsource" : "MISC" ,
"name" : "https://www.us-cert.gov/ics/advisories/icsma-20-170-06" ,
"url" : "https://www.us-cert.gov/ics/advisories/icsma-20-170-06"
2019-06-17 16:21:26 -07:00
}
]
} ,
2020-01-15 20:01:19 +00:00
"source" : {
"defect" : [
2019-06-17 16:21:26 -07:00
"https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1832286"
] ,
2020-01-15 20:01:19 +00:00
"discovery" : "UNKNOWN"
2019-04-23 19:00:50 +00:00
}
2019-06-19 00:00:51 +00:00
}
