TCP SACK Vulnerabilities

3 TCP SACK Vulnerabilities have been identified in Linux kernels higher than v 2.6.29 and need to be patched immediately.

The vulnerability does not enable privilege escalation, and does not allow an attacker access to any privileged information.

To update, you should run the relevant command on your Linux system to install the updates.

On Redhat/CentOS, issue the commands:
$ sudo yum clean all
$ sudo yum update

For Debian/Ubuntu, issue the commands :
$ sudo apt-get clean
$ sudo apt-get update
$ sudo apt-get upgrade

Once completed, you will need to reboot your server.

WorkAround

You can temporarily disable sack until the next reboot by using the following command:

$ echo 0 > /proc/sys/net/ipv4/tcp_sack

This will allow you to keep your server active until you can schedule a convenient time to do the kernel update and reboot.