Security #7411: tcp: generic detection bypass using TCP urgent support

Added by Victor Julien over 1 year ago. Updated 9 months ago.

Status: Closed
Priority: Normal
Assignee:
Target version:
Affected Versions:
Label:
Git IDs:

6882bcb3e51bd3cf509fb6569cc30f48d7bb53d7
779f9d8ba35c3f9b5abfa327d3a4209861bd2eb8
d11e8a8ee7fb2cb2da0567de16bde344e1313f36

Severity: HIGH
Disclosure Date:
Description

TCP urgent is not supported specifically by Suricata, but it's also very unclear what good support would look like. A whole range of RFCs define and redefine the concept, and real-world implementations appear to match none of them. Since the behavior is not only OS specific, but can also depend on OS-wide settings and per-application settings, it's impossible to reliably support all possible cases of TCP urgent.

Therefore, the idea is to implement a packet normalizer (#1979) that can strip the behavior, or simply drop the packets.

Reported by Team Superflat.
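
The two normalizer options named in the description (strip or drop), sketched as an added example; this is not Suricata's code and not part of the original ticket. It assumes that "strip" means clearing the URG flag and zeroing the urgent pointer, so every receiver treats the payload as ordinary in-band data, and then recomputing the TCP checksum. The function names, policy strings and sample segment builder are hypothetical.

```python
import socket
import struct

URG = 0x20  # URG bit in the TCP flags byte (header offset 13)


def tcp_checksum(src_ip, dst_ip, segment):
    """Internet checksum over the IPv4 pseudo-header plus the TCP segment."""
    data = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, 6, len(segment)) + segment)
    if len(data) % 2:
        data += b"\x00"  # pad to a whole number of 16-bit words
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_segment(src_ip, dst_ip, flags, urg_ptr, payload):
    """Constructed sample input: 20-byte TCP header (ports 40000 -> 80)."""
    hdr = struct.pack("!HHIIBBHHH", 40000, 80, 1000, 2000,
                      5 << 4, flags, 65535, 0, urg_ptr)
    seg = bytearray(hdr + payload)
    struct.pack_into("!H", seg, 16, tcp_checksum(src_ip, dst_ip, bytes(seg)))
    return bytes(seg)


def normalize_urgent(src_ip, dst_ip, segment, policy="strip"):
    """Return the TCP segment to forward, or None if it must be dropped."""
    if len(segment) < 20:
        return None  # truncated header: nothing safe to forward
    flags = segment[13]
    if not flags & URG:
        return segment  # no urgent signalling: pass through unchanged
    if policy == "drop":
        return None
    # "strip" (assumed meaning): clear URG, zero checksum and urgent pointer,
    # then recompute the checksum so the rewritten segment is still valid.
    seg = bytearray(segment)
    seg[13] = flags & ~URG & 0xFF
    seg[16:20] = b"\x00\x00\x00\x00"
    struct.pack_into("!H", seg, 16, tcp_checksum(src_ip, dst_ip, bytes(seg)))
    return bytes(seg)
```

Both policies only make sense inline (IPS mode), because a passive sensor cannot change what the receiving host sees.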


Subtasks 1 (0 open, 1 closed)

Security #7412: tcp: generic detection bypass using TCP urgent support (7.0.x backport), Closed, Victor Julien

Updated by OISF Ticketbot over 1 year ago #1

  • Subtask #7412 added

Updated by OISF Ticketbot over 1 year ago #2

  • Label deleted (Needs backport to 7.0)

Updated by Victor Julien over 1 year ago #4

  • Status changed from In Progress to Closed
  • Git IDs updated (diff)
  • Severity changed from MODERATE to HIGH

Updated by Juliana Fajardini Reichow 9 months ago #5

  • Private changed from Yes to No