Advisory ID | VMSA-2019-0010.3 |
Advisory Severity | Important |
CVSSv3 Range | 5.3 - 7.5 |
Synopsis | VMware product updates address Linux kernel vulnerabilities in TCP Selective Acknowledgement (SACK) (CVE-2019-11477, CVE-2019-11478) |
Issue Date | 2019-07-02 |
Updated On | 2019-11-21 |
CVE(s) | CVE-2019-11477 and CVE-2019-11478 |
Description:
There are two uniquely identifiable vulnerabilities associated with the Linux kernel implementation of SACK:
Known Attack Vectors:
A malicious actor must have network access to an affected system, including the ability to send traffic with low MSS values to the target. Successful exploitation of these issues may cause the target system to crash or significantly degrade its performance.
Resolution:
To remediate CVE-2019-11477 and CVE-2019-11478, update or upgrade to the versions listed in the 'Fixed Version' column of the 'Resolution Matrix' found below.
Workarounds:
Some VMware Virtual Appliances can work around CVE-2019-11477 and CVE-2019-11478 either by disabling SACK or, where the product's base OS provides a built-in firewall, by configuring that firewall to drop incoming connections that advertise a low MSS value. In-product workarounds (where available) are listed in the 'Workarounds' column of the 'Resolution Matrix' found below.
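The two generic Linux-side workarounds named above (disable SACK, or drop incoming connections that advertise a low MSS), written out as an added shell example that is not part of this advisory or of any VMware KB. It assumes a stock Linux host with sysctl and iptables; the 500-byte MSS threshold is an assumption, since the advisory gives no number, and appliance firewalls may differ from what is shown here (use the product KBs from the matrix for those).

```sh
#!/bin/sh
# Added example, not VMware tooling: the two generic Linux-side workarounds the
# advisory describes, as reviewable shell functions. Assumes a stock Linux host
# with sysctl and iptables; appliance firewalls may differ.

# SYNs advertising an MSS at or below this are treated as "low". 500 is an
# assumption (the advisory names no number); ordinary clients advertise far more.
LOW_MSS_MAX="${LOW_MSS_MAX:-500}"

# Workaround 1: the sysctl line that disables SACK. Cost: without SACK, loss
# recovery falls back to slower cumulative-ACK retransmission on lossy links.
sack_disable_sysctl() {
    printf 'net.ipv4.tcp_sack = 0\n'
}

# Workaround 2: firewall rules dropping SYN segments whose MSS option lies in
# 1..LOW_MSS_MAX (the tcpmss match reads the MSS option carried on SYN packets).
low_mss_drop_rules() {
    printf 'iptables -I INPUT -p tcp --tcp-flags SYN SYN -m tcpmss --mss 1:%s -j DROP\n' "$LOW_MSS_MAX"
    printf 'ip6tables -I INPUT -p tcp --tcp-flags SYN SYN -m tcpmss --mss 1:%s -j DROP\n' "$LOW_MSS_MAX"
}

# Verification helpers read command output on stdin, so they work on captured
# text (e.g. from a change ticket) as well as on a live host.

# Returns 0 when `sysctl net.ipv4.tcp_sack` output shows SACK disabled.
sack_disabled() {
    tr -d '[:space:]' | grep -qxF 'net.ipv4.tcp_sack=0'
}

# Returns 0 when `iptables -S INPUT` output already carries a low-MSS DROP rule.
has_low_mss_drop_rule() {
    grep -q -- '-m tcpmss --mss 1:[0-9]* -j DROP'
}

# Read-only audit of the current host: reports which workaround is in place.
audit_host() {
    sysctl net.ipv4.tcp_sack 2>/dev/null | sack_disabled \
        && echo "SACK disabled" || echo "SACK enabled"
    iptables -S INPUT 2>/dev/null | has_low_mss_drop_rule \
        && echo "low-MSS drop rule present" || echo "low-MSS drop rule missing"
}

case "${1:-}" in
    audit) audit_host ;;
    rules) sack_disable_sysctl; low_mss_drop_rules ;;
esac
```

Run with `audit` to inspect a host without changing it, or `rules` to print the settings for review before applying them; neither workaround replaces the fixed versions in the matrix.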
Additional Documentation:
None.
Acknowledgements:
None.
Response Matrix:
Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documents |
AppDefense | 2.x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 2.2.1 | None | None |
Container Service Extension | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None |
Enterprise PKS | 1.4.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None |
Enterprise PKS | 1.3.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 1.3.7 | None | None |
Horizon DaaS | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None |
Hybrid Cloud Extension | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None |
Identity Manager | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None |
Integrated OpenStack | 5.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 5.1.0.3 | None | None |
Integrated OpenStack | 4.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 4.1.2.3 | None | None |
NSX for vSphere | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 6.4.6 | KB71311 | None |
NSX-T Data Center | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 2.5.0 | None | None |
Pulse Console | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None |
SD-WAN Edge by VeloCloud | x.x | Any | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 3.3.0 | None | None |
SD-WAN Gateway by VeloCloud | x.x | Any | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 3.3.0 | None | None |
SD-WAN Orchestrator by VeloCloud | x.x | Any | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 3.3.0 | None | None |
Site Recovery Manager | 8.2.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 8.2.0.1 | None | None |
Site Recovery Manager | x.x | Windows | CVE-2019-11477, CVE-2019-11478 | N/A | N/A | Unaffected | N/A | N/A |
Skyline Collector | 1.x, 2.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 2.2 | None | None |
Unified Access Gateway | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 3.6 | KB70899 | None |
vCenter Server Appliance | 6.7 | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 6.7u2c | None | None |
vCenter Server Appliance | 6.5 | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 6.5u3 | None | None |
vCenter Server Appliance | 6.0 | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None |
vCloud Availability Appliance | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None |
vCloud Director For Service Providers | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | KB70900 | None |
vCloud Usage Meter | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None |
vRealize Automation | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None |
vRealize Business for Cloud | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None |
vRealize Code Stream | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None |
vRealize Log Insight | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | KB70892 | None |
vRealize Network Insight | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None |
vRealize Operations Manager | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | KB71029 | None |
vRealize Orchestrator Appliance | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None |
vRealize Suite Lifecycle Manager | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None |
vSphere Data Protection | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None |
vSphere Integrated Containers | x.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None |
vSphere Replication | 8.2.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 8.2.0.1 | None | None |
vSphere Replication | 8.1.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None |
vSphere Replication | 6.5.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | 6.5.1.4 | None | None |
vSphere Replication | 6.1.x | Virtual Appliance | CVE-2019-11477, CVE-2019-11478 | 7.5 | Important | Patch Pending | None | None |
4. References
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11478
Fixed Version(s) and Release Notes:
AppDefense 2.2.1
Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=APPDEFENSE-221&productId=742&rPId=35078
Documentation:
https://docs.vmware.com/en/VMware-AppDefense/221/rn/appdefense-plugin-221-release-notes.html
Enterprise PKS 1.3.7
Download:
https://network.pivotal.io/products/pivotal-container-service/#/releases/384407
Documentation:
https://docs.vmware.com/en/VMware-Enterprise-PKS/1.3/rn/VMware-PKS-13-Release-Notes.html#v1.3.7
Integrated OpenStack 5.1.0.3
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=VIO-5103&productId=821&rPId=36089
Integrated OpenStack 4.1.2.3
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=VIO-4123&productId=709&rPId=36084
Site Recovery Manager 8.2.0.1 Virtual Appliance
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=SRM8201&productId=889&rPId=35694
Unified Access Gateway 3.6
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=UAG-36&productId=897&rPId=34577
vCenter Server Appliance 6.7u2c
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=VC67U2C&productId=742&rPId=34693
vCenter Server Appliance 6.5u3
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=VC65U3&productId=614&rPId=34639
SD-WAN Edge by VeloCloud 3.3.0
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=SD-WAN-EDGE-330&productId=899&rPId=34579
SD-WAN Gateway by VeloCloud 3.3.0
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=SD-WAN-VCG-330&productId=899&rPId=34582
SD-WAN Orchestrator by VeloCloud 3.3.0
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=SD-WAN-ORC-330-2&productId=899&rPId=34580
vSphere Replication 8.2.0.1
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=VR8201&productId=742&rPId=35626
vSphere Replication 6.5.1.4
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=VR6514&productId=614&rPId=35279
Workarounds:
https://kb.vmware.com/s/article/70900
https://kb.vmware.com/s/article/70899
https://kb.vmware.com/s/article/71311
https://kb.vmware.com/s/article/70892
https://kb.vmware.com/s/article/71029
5. Change log
2019-07-02: VMSA-2019-0010
Initial security advisory detailing remediations and/or workarounds for SD-WAN, Unified Access Gateway, vCenter Server Appliance, and vCloud Director For Service Providers.
2019-07-24: VMSA-2019-0010.1
Updated security advisory with remediation information for the vCenter 6.7 and AppDefense 2.x release lines and removed Horizon from affected products as it was incorrectly listed.
2019-08-08: VMSA-2019-0010.2
Updated security advisory with remediation information for the vSphere Replication 6.5.x release line.
6. Contact
E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce@lists.vmware.com
E-mail: security@vmware.com
PGP key at:
VMware Security Advisories
https://www.vmware.com/security/advisories
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog
https://blogs.vmware.com/security
Copyright 2019 VMware Inc. All rights reserved.