CVE-2019-11477 PoC — Integer overflow in TCP_SKB_CB(skb)->tcp_gso_segs

Associated Vulnerability
Title: Integer overflow in TCP_SKB_CB(skb)->tcp_gso_segs (CVE-2019-11477)
Description: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.
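
To check a host against the fixed releases listed in the description, the following added example (not part of the PoC repository) classifies a `uname -r` style string. The function name `sack_fix_status` and the sample strings are constructed here, and it assumes upstream version numbering: a distribution kernel that backports the fix keeps an older number, so "vulnerable" there means the vendor advisory still has to be consulted.

```shell
#!/bin/sh
# Added example: classify a kernel release string against the fixed stable
# releases listed in the CVE-2019-11477 description.

# Prints "fixed", "vulnerable" or "unknown" for a `uname -r` style string.
sack_fix_status() {
    # Keep only the leading numeric part: "4.19.37-5-amd64" -> "4.19.37"
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\(\.[0-9][0-9]*\)\{0,1\}\).*/\1/p')
    [ -n "$ver" ] || { echo unknown; return; }
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.} ;;
        *)   patch=0 ;;
    esac
    # First fixed patch level per stable series, taken from the description.
    case "$major.$minor" in
        4.4)  need=182 ;;
        4.9)  need=182 ;;
        4.14) need=127 ;;
        4.19) need=52 ;;
        5.1)  need=11 ;;
        *)
            # Assumption: series newer than 5.1 were released after the fix
            # commit landed in mainline. Other series are not covered here.
            if [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -gt 1 ]; }; then
                echo fixed
            else
                echo unknown
            fi
            return ;;
    esac
    if [ "$patch" -ge "$need" ]; then echo fixed; else echo vulnerable; fi
}

# Constructed sample release strings, followed by the running kernel.
for rel in 4.19.37-5-amd64 4.19.52 4.14.126 5.1.11 5.4.0-generic 3.16.0 "$(uname -r)"; do
    printf '%-24s %s\n' "$rel" "$(sack_fix_status "$rel")"
done
```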
Readme
# cve-2019-11477-poc

## Simple Test
1. Start two VMs
 - one for an SSL server and the other for an SSL client

2. [Server] Execute the server application
 - cd apps
 - ./server.sh 7000

3. [Client] Install the required packages
 - sudo apt-get install libmnl-dev
 - sudo apt-get install libnetfilter-queue-dev

4. [Client] Add one record to /etc/hosts in the VM for a client
 - <the IP Address of the server> www.alice.com

5. [Client] Insert the kernel module into the client's VM
 - cd module
 - make
 - sudo insmod interceptor.ko

6. [Client] Execute the craft netfilter application
 - cd craft
 - make
 - sudo ./craft

7. [Client] Execute the client application
 - cd apps
 - ./client.sh www.alice.com 7000 index.html