Project

General

Profile

Actions

Security #4513

closed

Evasion possibility on wrong/unexpected ACK value in crafted SYN packets

Added by Jeff Lucovsky over 3 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Label:
Git IDs:

f61ef79781605a5d1d75d8bf023da9552f781301

Severity:
CRITICAL
Disclosure Date:

Description

affected versions: all

Please see the pcap attached.
Basically it logs no HTTP even with midstream enabled.

The problem is the first packet right away as it has ACK value that we check and disregard the whole flow/session.But Windows and Linux accept those and everyone else it seems.

Please also see attached a test case(py file) and a patch by Eric.

The pcap can not be shared or made public except of the devs with access to this issue of course.


Files


Related issues 1 (0 open1 closed)

Copied from Suricata - Security #4504: tcp: Evasion possibility on wrong/unexpected ACK value in crafted SYN packetsClosedEric LeblondActions
Actions

Also available in: Atom PDF