Urgent/11

11 zero day vulnerabilities

6 vulnérabilités 0-day critiques :

  1. Stack overflow in the parsing of IPv4 packets IP options (CVE-2019-12256)
  2. TCP Urgent Pointer = 0 leads to integer underflow (CVE-2019-12255)
  3. TCP Urgent Pointer state confusion caused by malformed TCP AO option (CVE-2019-12260)
  4. TCP Urgent Pointer state confusion during connect to a remote host (CVE-2019-12261)
  5. TCP Urgent Pointer state confusion due to race condition (CVE-2019-12263)
  6. Heap overflow in DHCP Offer/ACK parsing in ipdhcpc (CVE-2019-12257)

And 5 vulnerabilities that can lead to denial-of-service, logical errors or information leaks

  1. TCP connection DoS via malformed TCP options (CVE-2019-12258)
  2. Handling of unsolicited Reverse ARP replies (Logical Flaw) (CVE-2019-12262)
  3. Logical flaw in IPv4 assignment by the ipdhcpc DHCP client (CVE-2019-12264)
  4. DoS via NULL dereference in IGMP parsing (CVE-2019-12259)
  5. IGMP Information leak via IGMPv3 specific membership report (CVE-2019-12265)

La plupart des versions de SonicWall sont impactées et un correctif a été publié par SonicWall.

Ressources en ligne (fichier PDF) :https://go.armis.com/hubfs/White-papers/Urgent11%20Technical%20White%20Paper.pdf