Netflix Researchers Discovered 4 Vulnerabilities that Could Cause Chaos in Data Centers

Researchers at the popular TV and movie streaming service Netflix have identified and resolved four major Linux and FreeBSD vulnerabilities.

These vulnerabilities, associated with the TCP Selective Acknowledgement (SACK) and Maximum Segment Size (MSS) capabilities, could cripple networking on affected systems by introducing a distributed denial of service.

Victims of such attacks would experience throttled servers, system overloads, and crashes.

What Was Exposed and Needs Patching

CVE-2019-11477: SACK Panic

Attackers could send a series of SACKs that triggers an integer overflow and ultimately causes a kernel panic. Simply put, left unpatched, this vulnerability allows an attacker to crash the system.

CVE-2019-11478: SACK Slowness

This vulnerability, which affects only Linux servers, allows bad actors to send a crafted sequence of SACKs, which will fragment the TCP retransmission queue. This causes the affected server to over-consume resources and bandwidth, leading to lowered system performance, and allowing the hacker to process malicious requests to the server.

CVE-2019-5599: SACK Slowness

This vulnerability is similar to the second vulnerability, but specifically for FreeBSD users.

CVE-2019-11479: Excess Resource Consumption Due to Low MSS Values

An attacker can remotely force the Linux kernel to split its responses into many small TCP segments. This significantly drives up the bandwidth needed to send the same amount of data, causing an overload. It also consumes additional CPU and NIC processing power.
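As an added example (not from the original article or from Netflix's advisory), the Python sketch below parses the MSS option out of a raw TCP SYN header, flags values below a threshold, and computes how many segments and wire bytes a response costs at that MSS. The 500-byte threshold, the function names and the sample SYN bytes are assumptions constructed for illustration.

```python
import struct

LOW_MSS_THRESHOLD = 500  # assumed policy value for this example, not from the article

def parse_mss(tcp_header):
    """Return the MSS option value from a raw TCP header, or None if absent or malformed."""
    if len(tcp_header) < 20:
        return None
    data_offset = (tcp_header[12] >> 4) * 4          # TCP header length in bytes
    if data_offset < 20 or data_offset > len(tcp_header):
        return None
    opts, i = tcp_header[20:data_offset], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                                # End of Option List
            break
        if kind == 1:                                # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(opts):                       # option kind with no length byte
            return None
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):     # bogus or truncated option
            return None
        if kind == 2 and length == 4:                # MSS option: kind 2, length 4
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return None

def assess(tcp_header):
    """Classify a SYN by the MSS it advertises."""
    mss = parse_mss(tcp_header)
    if mss is None:
        return "no-mss"
    return "low-mss" if mss < LOW_MSS_THRESHOLD else "ok"

def wire_cost(payload_len, mss, header_bytes=40):
    """(segments, total wire bytes), assuming 40 bytes of IPv4+TCP headers per segment."""
    segments = -(-payload_len // mss)                # ceiling division
    return segments, payload_len + segments * header_bytes

def build_syn(mss):
    """Constructed sample input: a minimal SYN header carrying only an MSS option."""
    fixed = struct.pack("!HHIIHHHH", 40000, 443, 1, 0, (6 << 12) | 0x002, 65535, 0, 0)
    return fixed + struct.pack("!BBH", 2, 4, mss)

if __name__ == "__main__":
    for mss in (1460, 48):
        print(mss, assess(build_syn(mss)), wire_cost(14600, mss))
```

With these assumptions, the same 14,600-byte response takes 10 segments at an MSS of 1460 and 305 segments at an MSS of 48, which is the per-packet CPU, NIC and bandwidth overhead the paragraph describes.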

Left untreated, these vulnerabilities can cause havoc, but there are patches and workarounds for each vulnerability.

Netflix quickly resolved the situation, but companies must apply the proper patches quickly to ensure they aren’t victimized. Leaving your data security up to chance makes you vulnerable to bad actors.

Protect Your Company with Security Operations Solutions 

Vulnerabilities and data breaches cause more damage and cost organizations more in budget and reputation each year. That’s why companies must guard their sensitive information vigilantly. A third-party security operations center (SOC) solution lets organizations benefit from comprehensive cybersecurity protection without having to heavily invest in building and maintaining a SOC internally. 

Arctic Wolf® Managed Risk enables you to define and contextualize your attack surface coverage across your networks, endpoints, and cloud environments; provides you with the risk priorities in your environment; and advises you on your remediation actions to ensure that you benchmark against configuration best practices and continually harden your security posture. 

If you’re looking to safeguard your company against vulnerabilities, data breaches, and other threats, find out why security operations solutions are often the difference between staying safe and being victimized. 

Arctic Wolf

Arctic Wolf provides your team with 24x7 coverage, security operations expertise, and strategically tailored security recommendations to continuously improve your overall posture.