Synopsis
The remote device is missing a vendor-supplied security patch.
Description
The remote host is running a version of RancherOS prior to v1.5.3 and is therefore exposed to multiple vulnerabilities:
- The Linux kernel is prone to a remote integer-overflow vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. (CVE-2019-11477)
- RancherOS is vulnerable to a denial of service; by crafting a sequence of SACKs, an attacker can cause fragmentation of the TCP transmission queue, leading to higher resource use. (CVE-2019-11478)
- The Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. (CVE-2019-11479)
Solution
Upgrade to RancherOS v1.5.3 or later.