MikroTik – Kernel Vulnerability

glitchlist Blog

Linux kernel vulnerability
Netflix has identified several TCP networking vulnerabilities in the Linux kernel that is used in RouterOS.

https://mikrotik.com/

MikroTik has announced that the vulnerabilities tracked as CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479 have been fixed in the RouterOS 6.45.1 and 6.44.5 updates.

Jonathan Looney, a security expert at Netflix, found three Linux DoS vulnerabilities, two of them related to the minimum segment size (MSS) and TCP Selective Acknowledgement (SACK) capabilities, and one related only to MSS.

https://securityaffairs.co/wordpress/87244/security/dos-flaws-linux-freebsd.html

Exploitation:

The vulnerability is exploitable on every RouterOS version (all are built on the Linux kernel) that has not been upgraded to 6.45.1 or 6.44.5. It causes a denial of service: a TCP/MSS overflow triggers a kernel panic.

Attack surface:

According to shodan.io:

shodan count mikrotik 
1711153

Today there are 1711153 MikroTik devices on the public Internet!

Mitigation:

For MikroTik devices, upgrade to RouterOS 6.45.1 or 6.44.5.
For Linux, upgrade to kernel 4.4.182, 4.9.182, 4.14.127, 4.19.52 or 5.1.11.
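
One way to audit an inventory against the fixed releases listed above, as an added example (not code from MikroTik or from the original post). The function names and the inventory are constructed; it assumes RouterOS releases after 6.45.1 keep the fix, and it reports "unknown" for kernel branches the list does not cover.

```python
import re

# Fixed releases exactly as listed in the mitigation section of this page.
KERNEL_FIXED = {(4, 4): 182, (4, 9): 182, (4, 14): 127, (4, 19): 52, (5, 1): 11}

_VER = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?(\S*)")

def _parse(text):
    """Return (major, minor, patch), or None for unparsable/pre-release strings."""
    m = _VER.match(text)
    if not m or re.match(r"-?(beta|rc)", m.group(4)):
        return None  # e.g. "6.45beta62": cannot be ordered by number alone
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def kernel_status(release):
    """Compare an upstream kernel release with the fixed release of its branch."""
    v = _parse(release)
    if v is None or v[:2] not in KERNEL_FIXED:
        return "unknown"  # branch not on the page's list; check vendor advisory
    return "patched" if v[2] >= KERNEL_FIXED[v[:2]] else "vulnerable"

def routeros_status(version):
    """6.44.x is fixed from 6.44.5; otherwise fixed from 6.45.1 (assumption:
    later releases keep the fix)."""
    v = _parse(version)
    if v is None:
        return "unknown"
    if v[:2] == (6, 44):
        return "patched" if v[2] >= 5 else "vulnerable"
    return "patched" if v >= (6, 45, 1) else "vulnerable"

# Constructed inventory: (host, platform, reported version).
INVENTORY = [
    ("edge-rtr-1", "routeros", "6.44.3 (long-term)"),
    ("edge-rtr-2", "routeros", "6.45.1 (stable)"),
    ("web-1", "linux", "4.14.126"),
    ("web-2", "linux", "4.19.52"),
    ("db-1", "linux", "4.15.0-54-generic"),
]

def audit(inventory):
    checks = {"routeros": routeros_status, "linux": kernel_status}
    return {host: checks[platform](ver) for host, platform, ver in inventory}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host:12} {status}")
```

Distribution kernels often backport fixes without changing the upstream version number, so an "unknown" or "vulnerable" result for a vendor kernel should be confirmed against the vendor's advisory.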

Regards,

.glitchlist crew
