{"id":35396,"date":"2019-10-31T22:04:04","date_gmt":"2019-10-31T19:04:04","guid":{"rendered":"https:\/\/prohoster.info\/blog\/uyazvimosti-v-tcp-stekah-linux-i-freebsd-privodyashhie-k-udalyonnomu-otkazu-v-obsluzhivanii\/"},"modified":"2019-10-31T22:04:04","modified_gmt":"2019-10-31T19:04:04","slug":"uyazvimosti-v-tcp-stekah-linux-i-freebsd-privodyashhie-k-udalyonnomu-otkazu-v-obsluzhivanii","status":"publish","type":"post","link":"https:\/\/prohoster.info\/de\/blog\/novosti-interneta\/uyazvimosti-v-tcp-stekah-linux-i-freebsd-privodyashhie-k-udalyonnomu-otkazu-v-obsluzhivanii","title":{"rendered":"Sicherheitsanf\u00e4lligkeiten in den TCP-Stacks von Linux und FreeBSD, die zu einem Remote Denial-of-Service f\u00fchren.","gt_translate_keys":[{"key":"rendered","format":"text"}]},"content":{"rendered":"<p>Die Firma Netflix <noindex><a rel=\"nofollow\" href=\"https:\/\/www.openwall.com\/lists\/oss-security\/2019\/06\/17\/5\">hat<\/a><\/noindex> mehrere kritische <noindex><a rel=\"nofollow\" href=\"https:\/\/github.com\/Netflix\/security-bulletins\/blob\/master\/advisories\/third-party\/2019-001.md\">Schwachstellen<\/a><\/noindex> in den TCP-Stacks von Linux und FreeBSD identifiziert, die es erm\u00f6glichen, das Kernel remote zum Absturz zu bringen oder \u00fcberm\u00e4\u00dfigen Ressourcenverbrauch bei der Verarbeitung speziell gestalteter TCP-Pakete (packet-of-death) zu verursachen. Die Probleme <noindex><a rel=\"nofollow\" href=\"https:\/\/access.redhat.com\/security\/vulnerabilities\/tcpsack\">sind verursacht durch<\/a><\/noindex> Fehler in den Handhabungen der maximalen Segmentgr\u00f6\u00dfe in TCP-Paketen (MSS, Maximum Segment Size) und dem Mechanismus zur selektiven Best\u00e4tigung von Verbindungen (SACK, TCP Selective Acknowledgement).<\/p>\n<li class=\"l\"> <noindex><a rel=\"nofollow\" href=\"https:\/\/security-tracker.debian.org\/tracker\/CVE-2019-11477\">CVE-2019-11477<\/a><\/noindex> (SACK-Panik) \u2014 das Problem tritt in Linux-Kernen ab Version 2.6.29 auf und erm\u00f6glicht einen Kernel-Panic durch das Senden einer Serie von SACK-Paketen, was aufgrund eines ganzzahligen \u00dcberlaufs im Handler geschieht. F\u00fcr den Angriff reicht es, den MSS-Wert f\u00fcr die TCP-Verbindung auf 48 Byte (die untere Grenze, die die Segmentgr\u00f6\u00dfe auf 8 Byte festlegt) zu setzen und eine sequenzielle Anordnung von SACK-Paketen zu senden.\n<p>Als Umgehungsma\u00dfnahmen zur Sicherheit kann die Verarbeitung von SACK deaktiviert werden (0 in \/proc\/sys\/net\/ipv4\/tcp_sack schreiben) oder <noindex><a rel=\"nofollow\" href=\"https:\/\/github.com\/Netflix\/security-bulletins\/blob\/master\/advisories\/third-party\/2019-001\/block-low-mss\/README.md\">Verbindungen mit niedrigem MSS<\/a><\/noindex> blockiert werden (funktioniert nur, wenn sysctl net.ipv4.tcp_mtu_probing auf 0 gesetzt ist und kann einige normale Verbindungen mit niedrigem MSS beeintr\u00e4chtigen);<\/p>\n<li class=\"l\"> <noindex><a rel=\"nofollow\" href=\"https:\/\/security-tracker.debian.org\/tracker\/CVE-2019-11478\">CVE-2019-11478<\/a><\/noindex> (SACK-Verlangsamung) \u2014 f\u00fchrt zu St\u00f6rungen im SACK-Mechanismus (bei Verwendung eines Linux-Kernels \u00e4lter als 4.15) oder zu \u00fcberm\u00e4\u00dfigem Ressourcenverbrauch. Das Problem tritt bei der Verarbeitung speziell gestalteter SACK-Pakete auf, die f\u00fcr die Fragmentierung der Wiederholungswarteschlange (TCP-Retransmission) verwendet werden k\u00f6nnen. Die Umgehungsschutzma\u00dfnahmen \u00e4hneln denen der vorherigen Schwachstelle;\n<li class=\"l\"> <noindex><a rel=\"nofollow\" href=\"https:\/\/security-tracker.debian.org\/tracker\/CVE-2019-5599\">CVE-2019-5599<\/a><\/noindex> (SACK-Verlangsamung) \u2014 erm\u00f6glicht die Fragmentierung der Karte an gesendeten Paketen bei der Verarbeitung einer speziellen Sequenz von SACK innerhalb einer einzigen TCP-Verbindung und f\u00fchrt zur Ausf\u00fchrung einer ressourcenintensiven Operation zur Durchsuchung der Liste. Das Problem tritt in FreeBSD 12 mit dem RACK-Paketverlustdetektionsmechanismus auf. Als Umgehungsma\u00dfnahme kann das RACK-Modul deaktiviert werden;\n<li class=\"l\"> <noindex><a rel=\"nofollow\" href=\"https:\/\/security-tracker.debian.org\/tracker\/CVE-2019-11478\">CVE-2019-11479<\/a><\/noindex> \u2014 Ein Angreifer kann im Linux-Kernel die Aufteilung der Antworten in mehrere TCP-Segmente verursachen, von denen jedes nur 8 Byte Daten enth\u00e4lt. Dies kann zu einer erheblichen Erh\u00f6hung des Datenverkehrs, einer h\u00f6heren CPU-Auslastung und einer \u00dcberlastung der Kommunikationskan\u00e4le f\u00fchren. Als Umgehungsschutz wird empfohlen <noindex><a rel=\"nofollow\" href=\"https:\/\/github.com\/Netflix\/security-bulletins\/blob\/master\/advisories\/third-party\/2019-001\/block-low-mss\/README.md\">Verbindungen mit niedrigem MSS<\/a><\/noindex> Verbindungen mit niedrigem MSS.\n<\/ul>\n<p>Im Linux-Kernel wurden Probleme in den Versionen 4.4.182, 4.9.182, 4.14.127, 4.19.52 und 5.1.11 behoben. Der Fix f\u00fcr FreeBSD ist als <noindex><a rel=\"nofollow\" href=\"https:\/\/github.com\/Netflix\/security-bulletins\/blob\/master\/advisories\/third-party\/2019-001\/split_limit.patch\">Patch<\/a><\/noindex>verf\u00fcgbar. In den Distributionen wurden bereits Updates f\u00fcr das Kernel-Paket ver\u00f6ffentlicht f\u00fcr <noindex><a rel=\"nofollow\" href=\"https:\/\/security-tracker.debian.org\/tracker\/CVE-2019-11477\">Debian<\/a><\/noindex>, <noindex><a rel=\"nofollow\" href=\"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=CVE-2019-11477\">RHEL<\/a><\/noindex>, <noindex><a rel=\"nofollow\" href=\"https:\/\/www.suse.com\/security\/cve\/CVE-2019-11477\/\">SUSE\/openSUSE<\/a><\/noindex>. Der Fix befindet sich in der Vorbereitung f\u00fcr <noindex><a rel=\"nofollow\" href=\"https:\/\/people.canonical.com\/~ubuntu-security\/cve\/2019\/CVE-2019-11477.html\">Ubuntu<\/a><\/noindex>, <noindex><a rel=\"nofollow\" href=\"https:\/\/bodhi.fedoraproject.org\/updates\/?releases=F30&#038;type=security\">, aber bisher ist er noch nicht in<\/a><\/noindex> und <noindex><a rel=\"nofollow\" href=\"https:\/\/security.archlinux.org\/\">Arch Linux<\/a><\/noindex>.<\/p>\n<p><noindex><a rel=\"nofollow\" name=\"link\"><\/a><\/noindex><\/p>\n<p>Quelle: <a \ncontent=\"nofollow\" rel=\"nofollow\" href=\"https:\/\/www.opennet.ru\/opennews\/art.shtml?num=50889\">opennet.ru<\/a><\/p>","protected":false,"gt_translate_keys":[{"key":"rendered","format":"html"}]},"excerpt":{"rendered":"<p>\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Netflix \u0432\u044b\u044f\u0432\u0438\u043b\u0430 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 TCP-\u0441\u0442\u0435\u043a\u0430\u0445 Linux \u0438 FreeBSD, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043a\u0440\u0430\u0445 \u044f\u0434\u0440\u0430 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u0447\u0440\u0435\u0437\u043c\u0435\u0440\u043d\u043e\u0435 \u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043e\u0444\u043e\u0440\u043c\u043b\u0435\u043d\u043d\u044b\u0445 TCP-\u043f\u0430\u043a\u0435\u0442\u043e\u0432 (packet-of-death). \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0432\u044b\u0437\u0432\u0430\u043d\u044b \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0432 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430\u0445 \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u0431\u043b\u043e\u043a\u0430 \u0434\u0430\u043d\u043d\u044b\u0445 \u0432 TCP-\u043f\u0430\u043a\u0435\u0442\u0435 (MSS, Maximum segment size) \u0438 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0432\u044b\u0431\u043e\u0440\u043e\u0447\u043d\u043e\u0433\u043e \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u044f \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439 (SACK, TCP Selective Acknowledgement). CVE-2019-11477 (SACK Panic) [&hellip;]<\/p>\n","protected":false,"gt_translate_keys":[{"key":"rendered","format":"html"}]},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[702],"tags":[],"class_list":["post-35396","post","type-post","status-publish","format-standard","hentry","category-novosti-interneta"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.10 - aioseo.com -->\n\t<meta name=\"description\" content=\"\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Netflix \u0432\u044b\u044f\u0432\u0438\u043b\u0430 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 TCP-\u0441\u0442\u0435\u043a\u0430\u0445 Linux \u0438 FreeBSD, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043a\u0440\u0430\u0445 \u044f\u0434\u0440\u0430 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u0447\u0440\u0435\u0437\u043c\u0435\u0440\u043d\u043e\u0435 \u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043e\u0444\u043e\u0440\u043c\u043b\u0435\u043d\u043d\u044b\u0445 TCP-\u043f\u0430\u043a\u0435\u0442\u043e\u0432 (packet-of-death). \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0432\u044b\u0437\u0432\u0430\u043d\u044b \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0432 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430\u0445 \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u0431\u043b\u043e\u043a\u0430 \u0434\u0430\u043d\u043d\u044b\u0445 \u0432 TCP-\u043f\u0430\u043a\u0435\u0442\u0435 (MSS, Maximum segment size) \u0438 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0432\u044b\u0431\u043e\u0440\u043e\u0447\u043d\u043e\u0433\u043e \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u044f \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439 (SACK, TCP Selective Acknowledgement). CVE-2019-11477 (SACK Panic)\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"Yuri Gagarin\"\/>\n\t<link rel=\"canonical\" href=\"https:\/\/prohoster.info\/de\/blog\/novosti-interneta\/uyazvimosti-v-tcp-stekah-linux-i-freebsd-privodyashhie-k-udalyonnomu-otkazu-v-obsluzhivanii\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.10\" \/>\n\t\t<meta property=\"og:locale\" content=\"de_DE\" \/>\n\t\t<meta property=\"og:site_name\" content=\"ProHoster | \u041a\u0443\u043f\u0438\u0442\u044c \u043d\u0430\u0434\u0435\u0436\u043d\u044b\u0439 \u0445\u043e\u0441\u0442\u0438\u043d\u0433 \u0434\u043b\u044f \u0441\u0430\u0439\u0442\u043e\u0432 \u0441 \u0437\u0430\u0449\u0438\u0442\u043e\u0439 \u043e\u0442 DDoS, VPS VDS \u0441\u0435\u0440\u0432\u0435\u0440\u044b\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"\ud83e\udd47\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 TCP-\u0441\u0442\u0435\u043a\u0430\u0445 Linux \u0438 FreeBSD, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0438\u0435 \u043a \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u043c\u0443 \u043e\u0442\u043a\u0430\u0437\u0443 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 | ProHoster\" \/>\n\t\t<meta property=\"og:description\" content=\"\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Netflix \u0432\u044b\u044f\u0432\u0438\u043b\u0430 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 TCP-\u0441\u0442\u0435\u043a\u0430\u0445 Linux \u0438 FreeBSD, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043a\u0440\u0430\u0445 \u044f\u0434\u0440\u0430 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u0447\u0440\u0435\u0437\u043c\u0435\u0440\u043d\u043e\u0435 \u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043e\u0444\u043e\u0440\u043c\u043b\u0435\u043d\u043d\u044b\u0445 TCP-\u043f\u0430\u043a\u0435\u0442\u043e\u0432 (packet-of-death). \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0432\u044b\u0437\u0432\u0430\u043d\u044b \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0432 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430\u0445 \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u0431\u043b\u043e\u043a\u0430 \u0434\u0430\u043d\u043d\u044b\u0445 \u0432 TCP-\u043f\u0430\u043a\u0435\u0442\u0435 (MSS, Maximum segment size) \u0438 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0432\u044b\u0431\u043e\u0440\u043e\u0447\u043d\u043e\u0433\u043e \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u044f \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439 (SACK, TCP Selective Acknowledgement). CVE-2019-11477 (SACK Panic)\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/prohoster.info\/de\/blog\/novosti-interneta\/uyazvimosti-v-tcp-stekah-linux-i-freebsd-privodyashhie-k-udalyonnomu-otkazu-v-obsluzhivanii\" \/>\n\t\t<meta property=\"og:image\" content=\"https:\/\/prohoster.info\/wp-content\/uploads\/2021\/11\/logo-350.jpg\" \/>\n\t\t<meta property=\"og:image:secure_url\" content=\"https:\/\/prohoster.info\/wp-content\/uploads\/2021\/11\/logo-350.jpg\" \/>\n\t\t<meta property=\"og:image:width\" content=\"350\" \/>\n\t\t<meta property=\"og:image:height\" content=\"350\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2019-10-31T19:04:04+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2019-10-31T19:04:04+00:00\" \/>\n\t\t<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/prohoster\" \/>\n\t\t<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/prohoster\" \/>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"\ud83e\udd47 Sicherheitsanf\u00e4lligkeiten in den TCP-Stacks von Linux und FreeBSD, die zu einem Remote Denial of Service f\u00fchren | ProHoster","description":"Das Unternehmen Netflix hat mehrere kritische Sicherheitsanf\u00e4lligkeiten in den TCP-Stacks von Linux und FreeBSD entdeckt, die es erm\u00f6glichen, einen Kernabsturz oder eine \u00fcberm\u00e4\u00dfige Ressourcennutzung durch die Verarbeitung speziell gestalteter TCP-Pakete (packet-of-death) auszul\u00f6sen. Die Probleme wurden durch Fehler in den Handhabungen der maximalen Segmentgr\u00f6\u00dfe von TCP-Paketen (MSS, Maximum Segment Size) und dem Mechanismus f\u00fcr selektive Best\u00e4tigungen von Verbindungen (SACK, TCP Selective Acknowledgement) verursacht. CVE-2019-11477 (SACK Panic)","canonical_url":"https:\/\/prohoster.info\/de\/blog\/novosti-interneta\/uyazvimosti-v-tcp-stekah-linux-i-freebsd-privodyashhie-k-udalyonnomu-otkazu-v-obsluzhivanii","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":null,"og:locale":"de_DE","og:site_name":"ProHoster | \u041a\u0443\u043f\u0438\u0442\u044c \u043d\u0430\u0434\u0435\u0436\u043d\u044b\u0439 \u0445\u043e\u0441\u0442\u0438\u043d\u0433 \u0434\u043b\u044f \u0441\u0430\u0439\u0442\u043e\u0432 \u0441 \u0437\u0430\u0449\u0438\u0442\u043e\u0439 \u043e\u0442 DDoS, VPS VDS \u0441\u0435\u0440\u0432\u0435\u0440\u044b","og:type":"article","og:title":"\ud83e\udd47\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 TCP-\u0441\u0442\u0435\u043a\u0430\u0445 Linux \u0438 FreeBSD, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0438\u0435 \u043a \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u043c\u0443 \u043e\u0442\u043a\u0430\u0437\u0443 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 | ProHoster","og:description":"\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Netflix \u0432\u044b\u044f\u0432\u0438\u043b\u0430 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 TCP-\u0441\u0442\u0435\u043a\u0430\u0445 Linux \u0438 FreeBSD, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043a\u0440\u0430\u0445 \u044f\u0434\u0440\u0430 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u0447\u0440\u0435\u0437\u043c\u0435\u0440\u043d\u043e\u0435 \u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043e\u0444\u043e\u0440\u043c\u043b\u0435\u043d\u043d\u044b\u0445 TCP-\u043f\u0430\u043a\u0435\u0442\u043e\u0432 (packet-of-death). \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0432\u044b\u0437\u0432\u0430\u043d\u044b \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0432 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430\u0445 \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u0431\u043b\u043e\u043a\u0430 \u0434\u0430\u043d\u043d\u044b\u0445 \u0432 TCP-\u043f\u0430\u043a\u0435\u0442\u0435 (MSS, Maximum segment size) \u0438 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0432\u044b\u0431\u043e\u0440\u043e\u0447\u043d\u043e\u0433\u043e \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u044f \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439 (SACK, TCP Selective Acknowledgement). CVE-2019-11477 (SACK Panic)","og:url":"https:\/\/prohoster.info\/de\/blog\/novosti-interneta\/uyazvimosti-v-tcp-stekah-linux-i-freebsd-privodyashhie-k-udalyonnomu-otkazu-v-obsluzhivanii","og:image":"https:\/\/prohoster.info\/wp-content\/uploads\/2021\/11\/logo-350.jpg","og:image:secure_url":"https:\/\/prohoster.info\/wp-content\/uploads\/2021\/11\/logo-350.jpg","og:image:width":350,"og:image:height":350,"article:published_time":"2019-10-31T19:04:04+00:00","article:modified_time":"2019-10-31T19:04:04+00:00","article:publisher":"https:\/\/www.facebook.com\/prohoster","article:author":"https:\/\/www.facebook.com\/prohoster"},"aioseo_meta_data":{"post_id":"35396","title":null,"description":null,"keywords":null,"keyphrases":null,"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":null,"og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"","isEnabled":true},"graphs":[]},"schema_type":null,"schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":null,"robots_max_videopreview":null,"robots_max_imagepreview":"large","priority":null,"frequency":null,"local_seo":null,"seo_analyzer_scan_date":"2026-01-21 23:03:19","breadcrumb_settings":null,"limit_modified_date":false,"reviewed_by":null,"ai":null,"created":"2021-02-28 17:03:04","updated":"2026-01-21 23:03:19"},"gt_translate_keys":[{"key":"link","format":"url"}],"_links":{"self":[{"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/posts\/35396","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/comments?post=35396"}],"version-history":[{"count":0,"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/posts\/35396\/revisions"}],"wp:attachment":[{"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/media?parent=35396"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/categories?post=35396"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/tags?post=35396"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}