CVE-2019-18792

Current Description

An issue was discovered in Suricata 5.0.0. It is possible to bypass or evade any TCP-based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the PUSH ACK packet that is meant to evade detection. The PUSH ACK packet (containing the data) is ignored by Suricata because it overlaps the FIN packet (the sequence and ack numbers are identical in the two packets). The client ignores the fake FIN packet because the ACK flag is not set. Both Linux and Windows clients ignore the injected packet.
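A detection sketch for the packet sequence described above, as an added example (not Suricata's code and not its fix): it flags a FIN without ACK that is followed, in the same flow direction, by a data segment carrying the same sequence and ack numbers. The `Segment` fields, the function name and the sample segments are assumptions constructed for this illustration.

```python
from collections import namedtuple

# TCP flag bits as defined in the TCP header.
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

# One observed segment; field names are this example's own (hypothetical).
# flow is directional: (src_ip, src_port, dst_ip, dst_port).
Segment = namedtuple("Segment", "flow seq ack flags payload_len")


def find_fin_overlap(segments):
    """Return (fin_index, data_index) pairs where a FIN without ACK is
    followed in the same direction by a data segment with identical
    sequence and acknowledgment numbers."""
    pending = {}  # (flow, seq, ack) -> index of the FIN-without-ACK segment
    hits = []
    for i, s in enumerate(segments):
        key = (s.flow, s.seq, s.ack)
        if s.flags & FIN and not s.flags & ACK:
            # Endpoints drop this segment; a sensor that honours it desyncs.
            pending[key] = i
        elif s.payload_len > 0 and s.flags & ACK and key in pending:
            hits.append((pending.pop(key), i))
    return hits


# Constructed sample traffic (documentation addresses, made-up numbers).
C = ("192.0.2.10", 40000, "192.0.2.20", 80)
S = ("192.0.2.20", 80, "192.0.2.10", 40000)
SAMPLE = [
    Segment(C, 1000, 0, SYN, 0),
    Segment(S, 5000, 1001, SYN | ACK, 0),
    Segment(C, 1001, 5001, ACK, 0),
    Segment(C, 1001, 5001, FIN, 0),            # FIN, ACK flag not set
    Segment(C, 1001, 5001, PSH | ACK, 120),    # data with the same seq/ack
    Segment(S, 5001, 1121, ACK, 0),
    Segment(C, 1121, 5001, FIN | ACK, 0),      # ordinary close, not flagged
]

if __name__ == "__main__":
    for fin_i, data_i in find_fin_overlap(SAMPLE):
        print(f"segment {fin_i}: FIN without ACK overlapped by data segment {data_i}")
```

A hit marks a point where the sensor and the receiving endpoint may disagree about the stream contents, so the flow is worth reviewing even if no signature fired.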

Basic Data

Published: January 06, 2020
Last Modified: January 21, 2020
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-94
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:N/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 6.4
Severity: MEDIUM
Exploitability Score: 10.0
Impact Score: 4.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version, Part, Vendor, Product, Version, Update, Edition, Language, SW Edition, Target SW, Target HW, Other, Version Start Including, Version End Including, Version Start Excluding, Version End Excluding
    2.3 Application Suricata-ids Suricata * * * * * * * * 5.0.0 5.1.0
    2.3 Application Suricata-ids Suricata * * * * * * * * 4.1.5 4.1.6

Vulnerable Software List

Vendor Product Versions
Suricata-ids Suricata *

References

  • https://github.com/OISF/suricata/commit/fa692df37a796c3330c81988d15ef1a219afc006 (Source: CONFIRM; Tags: Exploit, Patch)
  • https://github.com/OISF/suricata/commit/1c63d3905852f746ccde7e2585600b2199cefb4b (Source: CONFIRM; Tags: Third Party Advisory)
  • https://redmine.openinfosecfoundation.org/issues/3324 (Source: MISC)
  • https://redmine.openinfosecfoundation.org/issues/3394 (Source: MISC)