VMware Security Advisories

Advisory ID VMSA-2019-0010
Advisory Severity Important
CVSSv3 Range 5.3 – 7.5
Synopsis VMware product updates address Linux kernel vulnerabilities in TCP Selective Acknowledgement (SACK) (CVE-2019-11477, CVE-2019-11478)
Issue Date 2019-07-02
Updated On 2019-07-02 (Initial Advisory)
CVE(s) CVE-2019-11477, CVE-2019-11478
1. Impacted Products
  • AppDefense
  • Container Service Extension
  • Enterprise PKS
  • Horizon
  • Horizon DaaS
  • Hybrid Cloud Extension
  • Identity Manager
  • Integrated OpenStack
  • NSX for vSphere
  • NSX-T Data Center
  • Pulse Console
  • SD-WAN Edge by VeloCloud
  • SD-WAN Gateway by VeloCloud
  • SD-WAN Orchestrator by VeloCloud
  • Skyline Collector
  • Unified Access Gateway
  • vCenter Server Appliance
  • vCloud Availability Appliance
  • vCloud Director For Service Providers
  • vCloud Usage Meter
  • vRealize Automation
  • vRealize Business for Cloud
  • vRealize Code Stream
  • vRealize Log Insight
  • vRealize Network Insight
  • vRealize Operations Manager
  • vRealize Orchestrator Appliance
  • vRealize Suite Lifecycle Manager
  • vSphere Data Protection
  • vSphere Integrated Containers
  • vSphere Replication
2. Introduction
Several vulnerabilities in the Linux kernel implementation of TCP Selective Acknowledgement (SACK) have been disclosed. These issues may allow a malicious entity to execute a Denial of Service attack against affected products.
3. Linux kernel vulnerabilities in TCP Selective Acknowledgement (SACK) CVE-2019-11477, CVE-2019-11478

Description:

There are two uniquely identifiable vulnerabilities associated with the Linux kernel implementation of SACK:

  • CVE-2019-11477 – SACK Panic – A sequence of SACKs may be crafted such that one can trigger an integer overflow, leading to a kernel panic. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.5.
  • CVE-2019-11478 – SACK Excess Resource Usage – A crafted sequence of SACKs will fragment the TCP retransmission queue, causing resource exhaustion. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.

Known Attack Vectors:

A malicious actor must have network access to an affected system, including the ability to send traffic with low MSS values to the target. Successful exploitation of these issues may cause the target system to crash or significantly degrade its performance.

Resolution:

To remediate CVE-2019-11477 and CVE-2019-11478, update/upgrade to the versions listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Workarounds:

Some VMware Virtual Appliances can work around CVE-2019-11477 and CVE-2019-11478 either by disabling SACK or by modifying the built-in firewall (if available) in the base OS of the product to drop incoming connections with a low MSS value. In-product workarounds (if available) are listed in the ‘Workarounds’ column of the ‘Response Matrix’ found below.
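To make the "low MSS" attack vector and the firewall-side workaround concrete, here is an added example (not VMware's code and not part of the advisory) that parses the option list of a raw TCP segment and applies the filter decision the workaround describes: drop a SYN whose advertised MSS is below a threshold. The 500-byte threshold, the option-kind constants and the build_syn sample generator are assumptions made for this example.

```python
import struct

TCP_OPT_END, TCP_OPT_NOP, TCP_OPT_MSS, TCP_OPT_SACK_PERMITTED = 0, 1, 2, 4
LOW_MSS_THRESHOLD = 500  # assumption: what the firewall workaround treats as a "low" MSS

def parse_tcp_options(segment: bytes) -> dict:
    """Walk the option list of a raw TCP segment; report SYN flag, MSS and SACK-permitted."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    data_offset = (segment[12] >> 4) * 4  # header length in bytes
    if data_offset < 20 or len(segment) < data_offset:
        raise ValueError("bad data offset")
    opts = segment[20:data_offset]
    out = {"syn": bool(segment[13] & 0x02), "mss": None, "sack_permitted": False}
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == TCP_OPT_END:
            break
        if kind == TCP_OPT_NOP:  # one-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        if kind == TCP_OPT_MSS and length == 4:
            out["mss"] = struct.unpack("!H", opts[i + 2:i + 4])[0]
        elif kind == TCP_OPT_SACK_PERMITTED:
            out["sack_permitted"] = True
        i += length
    return out

def should_drop(segment: bytes, threshold: int = LOW_MSS_THRESHOLD) -> bool:
    """Filter decision mirroring the workaround: drop a SYN that advertises an MSS below threshold."""
    info = parse_tcp_options(segment)
    return info["syn"] and info["mss"] is not None and info["mss"] < threshold

def build_syn(mss: int, sack_permitted: bool = True) -> bytes:
    """Constructed sample SYN (TCP header plus options, no payload) used to exercise the filter."""
    opts = struct.pack("!BBH", TCP_OPT_MSS, 4, mss)
    if sack_permitted:
        opts += bytes([TCP_OPT_SACK_PERMITTED, 2, TCP_OPT_NOP, TCP_OPT_NOP])
    words = (20 + len(opts)) // 4  # data offset in 32-bit words
    fixed = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, words << 4, 0x02, 65535, 0, 0)
    return fixed + opts
```

On a Linux appliance the corresponding operator controls are the net.ipv4.tcp_sack sysctl (disabling SACK) and an iptables tcpmss match rule that drops SYNs carrying a low MSS; the KB articles referenced in the matrix remain the authoritative per-product instructions.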

Additional Documentation:

None.

Acknowledgements:

None.

Response Matrix:

Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documents
AppDefense | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None
Container Service Extension | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None
Enterprise PKS | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None
Horizon | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None
Horizon DaaS | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None
Hybrid Cloud Extension | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None
Identity Manager | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None
Integrated OpenStack | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None
NSX for vSphere | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None
NSX-T Data Center | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None
Pulse Console | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None
SD-WAN Edge by VeloCloud | x.x | Any | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 3.3.0 | None | None
SD-WAN Gateway by VeloCloud | x.x | Any | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 3.3.0 | None | None
SD-WAN Orchestrator by VeloCloud | x.x | Any | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 3.3.0 | None | None
Skyline Collector | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None
Unified Access Gateway | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 3.6 | KB70899 | None
vCenter Server Appliance | 6.7 | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None
vCenter Server Appliance | 6.5 | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 6.5u3 | None | None
vCenter Server Appliance | 6.0 | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None
vCloud Availability Appliance | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None
vCloud Director For Service Providers | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | KB70900 | None
vCloud Usage Meter | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None
vRealize Automation | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None
vRealize Business for Cloud | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None
vRealize Code Stream | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None
vRealize Log Insight | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None
vRealize Network Insight | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None
vRealize Operations Manager | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None
vRealize Orchestrator Appliance | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None
vRealize Suite Lifecycle Manager | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None
vSphere Data Protection | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None
vSphere Integrated Containers | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None
vSphere Replication | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None

5. Change log
2019-07-02: VMSA-2019-0010

Initial security advisory detailing remediations and/or workarounds for SD-WAN, Unified Access Gateway, vCenter Server Appliance, and vCloud Director For Service Providers.