Main Vulnerability Database SB2019120905

SB2019120905 - Insecure default configuration in systemd

Published: December 9, 2019 Updated: March 7, 2020

Security Bulletin ID SB2019120905

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Insecure configuration (CVE-ID: CVE-2019-14899)

The vulnerability allows a remote attacker to hijack VPN session of the victim.

The vulnerability exists due to default configuration change in the "sysctl.d/50-default.conf" file that sets "net.ipv4.conf.all.rp_filter = 2" . A remote attacker on the same local network as the victim can determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use.

Successful exploitation of this vulnerability may allows an attacker to hijack VPN session.

Remediation

Install update from vendor's website.

References

https://seclists.org/oss-sec/2019/q4/124