Linux kernel vulnerability
https://mikrotik.com/
Netflix has identified several TCP networking vulnerabilities in the Linux kernel that is used in RouterOS.
The MikroTik company announces that the vulnerabilities traced in CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479 have been solved by releasing updates for RouterOS 6.45.1 and 6.44.5.
Jonathan Looney, a security expert at Netflix, found three Linux DoS vulnerabilities, two of them related to the minimum segment size (MSS) and TCP Selective Acknowledgement (SACK) capabilities, and one related only to MSS.
https://securityaffairs.co/wordpress/87244/security/dos-flaws-linux-freebsd.html
Exploitation:
The vulnerability is exploitable on all Linux Kernel version of RouterOS that are not upgraded to 6.45.1 and 6.44.5. It causes a Denial of Service event from a TCP/MSS overflow Kernel Panic.
Attack surface:
According to shodan.io:
shodan count mikrotik
1711153today there are 1711153 MikroTik devices on the public Internet!
Mitigation:
for MikroTik devices upgrade to RouterOS 6.45.1 and 6.44.5
for Linux upgrade to Kernel 4.4.182, 4.9.182, 4.14.127, 4.19.52 or 5.1.11
regards,
.glitchlist crew