To implement the workaround for CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479, perform the following steps:
- Log in to each vRealize Business for Cloud Virtual Appliance in the cluster as root via SSH or Console.
- Run the following commands:
iptables -I INPUT -p tcp --tcp-flags SYN SYN -m tcpmss --mss 1:500 -j DROP
ip6tables -I INPUT -p tcp --tcp-flags SYN SYN -m tcpmss --mss 1:500 -j DROP
To confirm that the workaround for CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479 has been correctly applied, perform the following steps:
- Log in to each vRealize Business for Cloud Virtual Appliance in the cluster as root via SSH or Console.
- Run the following commands:
iptables -L | grep tcpmss
ip6tables -L | grep tcpmss
To remove the workaround for CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479 at a later time, perform the following steps:
- Log in to each vRealize Business for Cloud Virtual Appliance in the cluster as root via SSH or Console.
- Run the following commands:
iptables -D INPUT -p tcp --tcp-flags SYN SYN -m tcpmss --mss 1:500 -j DROP
ip6tables -D INPUT -p tcp --tcp-flags SYN SYN -m tcpmss --mss 1:500 -j DROP
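The apply, confirm and remove steps above can be wrapped so that they are safe to repeat. The following is an added example, not VMware's own script. It assumes the appliance's iptables supports the -C (--check) option, and the function names are illustrative. Unlike the grep for "tcpmss", -C matches the exact rule, and the remove loop clears every copy if the insert was run more than once.

```sh
# Added example, not VMware's script. Rule text is copied from the commands above.
RULE='INPUT -p tcp --tcp-flags SYN SYN -m tcpmss --mss 1:500 -j DROP'

# rule_present CMD: succeeds only if this exact rule is loaded.
# $RULE is left unquoted on purpose so it splits into separate arguments.
rule_present() {
    "$1" -C $RULE 2>/dev/null
}

# apply_rule CMD: insert the rule unless it is already there, so a repeated
# run does not stack duplicate copies at the top of INPUT.
apply_rule() {
    if rule_present "$1"; then
        echo "$1: rule already present"
    else
        "$1" -I $RULE && echo "$1: rule inserted"
    fi
}

# verify_rule CMD: report the state; non-zero exit status if the rule is missing.
verify_rule() {
    rule_present "$1" && { echo "$1: OK"; return 0; }
    echo "$1: MISSING"; return 1
}

# remove_rule CMD: -D deletes one copy per call, so loop until none remain.
remove_rule() {
    n=0
    while rule_present "$1"; do
        "$1" -D $RULE || return 1
        n=$((n + 1))
    done
    echo "$1: removed $n copies"
}

# Run the chosen action against both the IPv4 and IPv6 tables.
for_both() {
    rc=0
    for cmd in iptables ip6tables; do "$1" "$cmd" || rc=1; done
    return "$rc"
}

case "${1:-}" in
    apply)  for_both apply_rule ;;
    verify) for_both verify_rule ;;
    remove) for_both remove_rule ;;
esac
```

Run it as root on each appliance with one argument: apply, verify or remove.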
For up-to-date information on CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479, as well as future security information, please add your email address to the "Sign up for Security Advisories" window found in VMSA-2019-0010.