
Bug #1238: Possible evasion in stream-tcp-reassemble.c

Added by JmpCallPoo . almost 12 years ago. Updated over 11 years ago.

Status: Closed
Priority: Normal

Description

Hello,

A possible evasion exists in Suricata.
The client can send a fake ACK with a very low window size, to flag the stream as STREAMTCP_STREAM_FLAG_GAP.

This will be clearer with the PoC in the attachment.

@JmpCallPoo


Files

  • deseq_ACK.py (1.73 KB), JmpCallPoo ., 07/16/2014 06:42 AM
  • deseq_ACK.py (1.72 KB), "Clean one", JmpCallPoo ., 07/16/2014 09:30 AM

#1 Updated by JmpCallPoo . almost 12 years ago

Oops :D

#2 Updated by JmpCallPoo . almost 12 years ago

#3 Updated by Victor Julien almost 12 years ago

Thanks for your report. I have a patch here: https://github.com/inliniac/suricata/pull/1039, care to test it?

#4 Updated by Victor Julien over 11 years ago

  • Status changed from New to Closed
  • Assignee set to Victor Julien
  • Target version set to 2.0.3
  • % Done changed from 0 to 100