VID 14150
Severity 40
Port 23
Protocol TCP
Class TELNET
Detailed Description According to the Linux kernel information reported by the remote host, the host is affected by denial of service vulnerabilities.

- A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. (CVE-2018-5390)

- A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. (CVE-2018-5391, CVE-2018-6922)

* References:
https://www.kb.cert.org/vuls/id/332928
https://www.ghostscript.com/doc/current/Use.htm#Safer
https://www.exploit-db.com/exploits/45243/?rss

* Platforms Affected:
Linux Kernel 4.9 or later 4.x versions
Linux Kernel 3.9 or later 3.x versions
Recommendation
- Linux kernel installed manually
Apply the latest version by referring to the following.
https://www.kernel.org/

- Red Hat
Apply the latest version by referring to the following.
https://access.redhat.com/articles/3553061
https://access.redhat.com/security/cve/cve-2018-5390
https://access.redhat.com/security/cve/cve-2018-5391

- Ubuntu
Apply the latest version by referring to the following.
https://usn.ubuntu.com/
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5390.html
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5391.html
https://security-tracker.debian.org/tracker/CVE-2018-6922

- CentOS
Apply the latest version by referring to the following.
https://lists.centos.org/pipermail/centos-announce/2018-August/022984.html
https://lists.centos.org/pipermail/centos-announce/2018-August/022983.html
Related URL CVE-2018-5390, CVE-2018-5391, CVE-2018-6922 (CVE)