Actions
Security #4512
closed
JL
VJ
Evasion possibility on wrong/unexpected ACK value in crafted SYN packets
Security #4512:
Evasion possibility on wrong/unexpected ACK value in crafted SYN packets
Git IDs:
54ebee6f516f983a21d952ec6cf4292ed8ba9d8d
Severity:
CRITICAL
Disclosure Date:
Description
affected versions: all
Please see the pcap attached.
Basically it logs no HTTP even with midstream enabled.
The problem is the first packet right away as it has ACK value that we check and disregard the whole flow/session.But Windows and Linux accept those and everyone else it seems.
Please also see attached a test case(py file) and a patch by Eric.
The pcap can not be shared or made public except of the devs with access to this issue of course.
Files
JL Updated by Jeff Lucovsky almost 5 years ago
- Copied from Security #4504: tcp: Evasion possibility on wrong/unexpected ACK value in crafted SYN packets added
SB Updated by Shivani Bhardwaj almost 5 years ago
- Status changed from New to In Review
- Assignee changed from Shivani Bhardwaj to Victor Julien
VJ Updated by Victor Julien almost 5 years ago
- Status changed from In Review to Closed
VJ Updated by Victor Julien almost 5 years ago
- Priority changed from High to Normal
- CVE set to 2021-35063
- Git IDs updated (diff)
- Severity set to CRITICAL
VJ Updated by Victor Julien over 4 years ago
- Private changed from Yes to No
Actions