[Buildroot] [PATCH 1/1] package/suricata: fix CVE-2019-18792
Peter Korsgaard
peter at korsgaard.com
Sat Mar 14 18:24:09 UTC 2020
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> An issue was discovered in Suricata 5.0.0. It is possible to
> bypass/evade any tcp based signature by overlapping a TCP segment with a
> fake FIN packet. The fake FIN packet is injected just before the PUSH
> ACK packet we want to bypass. The PUSH ACK packet (containing the data)
> will be ignored by Suricata because it overlaps the FIN packet (the
> sequence and ack number are identical in the two packets). The client
> will ignore the fake FIN packet because the ACK flag is not set. Both
> linux and windows clients are ignoring the injected packet.
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Committed to 2019.11.x (not in 2019.02.x), thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list