From: Dave Taht
Date: Tue, 18 Jun 2019 14:23:19 -0700
To: cerowrt-devel, bloat
Subject: [Cerowrt-devel] sack panic CVEs

Apparently people are exploiting this in the wild.

https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md

CeroWrt - if anyone is still running it, does have a web server that might be vulnerable, same for the ssh port. openwrt as well, well...

*Anybody* with an exposed tcp server of just about any sort on freebsd or linux seems vulnerable to the first bug, which causes a kernel panic.

Ironically I had been pushing over on ecn-sane to experiment with lowering the MSS to keep signal strength up in highly congested scenarios. Apparently, someone found another use for the idea.

There is an iptables workaround, documented here:

https://forum.openwrt.org/t/sack-panic-multiple-tcp-based-remote-denial-of-service-vulnerabilities/39028/7

I remember the "ping O death" which cost me Christmas in the early 90s. I've been watching the patches to the kernel land and wishing I was somewhere else.

-- 
Dave Täht
CTO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-831-205-9740