CVE-2019-18792

Current Description

An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the PUSH ACK packet we want to bypass. The PUSH ACK packet (containing the data) will be ignored by Suricata because it overlaps the FIN packet (the sequence and ack number are identical in the two packets). The client will ignore the fake FIN packet because the ACK flag is not set. Both linux and windows clients are ignoring the injected packet.

Basic Data

PublishedJanuary 06, 2020
Last ModifiedJanuary 30, 2020
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-94
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:N/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score6.4
SeverityMEDIUM
Exploitability Score10.0
Impact Score4.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationSuricata-idsSuricata********4.1.54.1.6
    2.3ApplicationSuricata-idsSuricata********5.0.05.1.0

Vulnerable Software List

VendorProductVersions
Suricata-ids Suricata *

References

NameSourceURLTags
https://github.com/OISF/suricata/commit/1c63d3905852f746ccde7e2585600b2199cefb4bhttps://github.com/OISF/suricata/commit/1c63d3905852f746ccde7e2585600b2199cefb4bCONFIRMPatch Third Party Advisory
https://github.com/OISF/suricata/commit/fa692df37a796c3330c81988d15ef1a219afc006https://github.com/OISF/suricata/commit/fa692df37a796c3330c81988d15ef1a219afc006CONFIRMPatch Third Party Advisory
[debian-lts-announce] 20200130 [SECURITY] [DLA 2087-1] suricata security updatehttps://lists.debian.org/debian-lts-announce/2020/01/msg00032.htmlMLIST
https://redmine.openinfosecfoundation.org/issues/3324https://redmine.openinfosecfoundation.org/issues/3324MISCExploit Third Party Advisory
https://redmine.openinfosecfoundation.org/issues/3394https://redmine.openinfosecfoundation.org/issues/3394MISCExploit Third Party Advisory