Actions
Security #6669
closedip defrag: re-assembly error in bsd policy
Git IDs:
f1709ea551124e1a64fdc509993ad022ab27aa77
Severity:
MODERATE
Disclosure Date:
Description
Given a subsequent fragment that starts before an original fragment, and overlaps the beginning of the original fragment, Suricata has been preferring the data from the original fragment.
However, per the Novak-Sturges paper, the original fragment data should only be preferred if it has an offset <= to the new fragment.
Fix is to use the data from the new fragment if it has an offset less than the offset of the original fragment.
This is covered in the test bsd/peose/test9.
Updated by Victor Julien 7 months ago
- Status changed from In Review to Closed
- Git IDs updated (diff)
Updated by Victor Julien 7 months ago
- Private changed from Yes to No
Updated by Victor Julien 6 months ago
Credits: PhD thesis work from Lucas Aubard supervised by Johan Mazel, Gilles Guette and Pierre Chifflier
Actions