Security #7411

closed

tcp: generic detection bypass using TCP urgent support

Added by Victor Julien 7 months ago. Updated about 12 hours ago.

Status: Closed
Priority: Normal
Assignee:
Target version:
Affected Versions:
Label:
Git IDs:

6882bcb3e51bd3cf509fb6569cc30f48d7bb53d7
779f9d8ba35c3f9b5abfa327d3a4209861bd2eb8
d11e8a8ee7fb2cb2da0567de16bde344e1313f36

Severity: HIGH
Disclosure Date:
Description

TCP urgent is not supported specifically by Suricata, but it's also very unclear what good support would look like. A whole range of RFCs define and redefine the concept, and real-world implementations appear to match none of them. Since the behavior is not only OS specific, but can also depend on OS-wide settings and per-application settings, it's impossible to reliably support all possible cases of TCP urgent.

Therefore, the idea is to implement a packet normalizer (#1979) that can strip the behavior, or simply drop the packets.

Reported by Team Superflat.
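
The "strip the behavior, or simply drop the packets" idea from the description, as an added C example that is not Suricata's code and is not taken from the commits listed above. The enum and function names and the sample header are assumptions made up for illustration; the code assumes an inline deployment that may rewrite packets, works on a bare TCP header, and patches the checksum incrementally per RFC 1624.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define TH_URG 0x0020 /* URG bit in the 16-bit offset/flags word */
/* Hypothetical names for this example; not Suricata identifiers. */
enum urg_policy { URG_POLICY_STRIP, URG_POLICY_DROP };
enum urg_verdict { URG_PASS, URG_STRIPPED, URG_DROP };

/* Constructed sample: 20-byte TCP header, PSH|ACK|URG, urgent pointer 1.
 * Its checksum 0x5f3c covers only these bytes (no pseudo-header/payload). */
uint8_t sample_hdr[20] = {
    0x30, 0x39, 0x00, 0x50, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
    0x00, 0x00, 0x50, 0x38, 0x20, 0x00, 0x5f, 0x3c, 0x00, 0x01 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* RFC 1624 incremental checksum update: HC' = ~(~HC + ~m + m'). */
static uint16_t csum_update(uint16_t hc, uint16_t old_w, uint16_t new_w)
{
    uint32_t sum = (uint32_t)(uint16_t)~hc + (uint16_t)~old_w + new_w;
    sum = (sum & 0xffff) + (sum >> 16);
    sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* tcp points at the TCP header; len is the number of bytes available. */
enum urg_verdict normalize_urgent(uint8_t *tcp, size_t len, enum urg_policy policy)
{
    if (len < 20) return URG_DROP;          /* truncated header: fail closed */
    uint16_t flags = rd16(tcp + 12), urp = rd16(tcp + 18);
    if (!(flags & TH_URG)) return URG_PASS; /* pointer only matters with URG set */
    if (policy == URG_POLICY_DROP) return URG_DROP;
    /* Clear URG and the pointer so the engine and the receiver both see
     * plain in-band data, then patch the checksum for the two changed words. */
    uint16_t csum = csum_update(rd16(tcp + 16), flags, (uint16_t)(flags & ~TH_URG));
    csum = csum_update(csum, urp, 0);
    wr16(tcp + 12, (uint16_t)(flags & ~TH_URG));
    wr16(tcp + 18, 0);
    wr16(tcp + 16, csum);
    return URG_STRIPPED;
}

int main(void)
{
    enum urg_verdict v = normalize_urgent(sample_hdr, 20, URG_POLICY_STRIP);
    printf("verdict=%d flags=0x%02x\n", v, sample_hdr[13]);
    return 0;
}
```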


Subtasks 1 (0 open, 1 closed)

Security #7412: tcp: generic detection bypass using TCP urgent support (7.0.x backport), Closed, Victor Julien

#1

Updated by OISF Ticketbot 7 months ago

  • Subtask #7412 added
#2

Updated by OISF Ticketbot 7 months ago

  • Label deleted (Needs backport to 7.0)
#4

Updated by Victor Julien 7 months ago

  • Status changed from In Progress to Closed
  • Git IDs updated (diff)
  • Severity changed from MODERATE to HIGH
#5

Updated by Juliana Fajardini Reichow about 12 hours ago

  • Private changed from Yes to No