Lucene search

Ubuntu.comUB:CVE-2019-18792

HistoryJan 06, 2020 - 12:00 a.m.

CVE-2019-18792

2020-01-0600:00:00

ubuntu.com

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS

0.01

Percentile

84.1%

JSON

An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade
any tcp based signature by overlapping a TCP segment with a fake FIN
packet. The fake FIN packet is injected just before the PUSH ACK packet we
want to bypass. The PUSH ACK packet (containing the data) will be ignored
by Suricata because it overlaps the FIN packet (the sequence and ack number
are identical in the two packets). The client will ignore the fake FIN
packet because the ACK flag is not set. Both linux and windows clients are
ignoring the injected packet.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchsuricata< anyUNKNOWN
ubuntu16.04noarchsuricata< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	suricata	< any	UNKNOWN
ubuntu	16.04	noarch	suricata	< any	UNKNOWN

References

github.com/OISF/suricata/commit/1c63d3905852f746ccde7e2585600b2199cefb4b

github.com/OISF/suricata/commit/1c63d3905852f746ccde7e2585600b2199cefb4b (master-4.1.x)

github.com/OISF/suricata/commit/fa692df37a796c3330c81988d15ef1a219afc006

github.com/OISF/suricata/commit/fa692df37a796c3330c81988d15ef1a219afc006 (suricata-5.0.1)

launchpad.net/bugs/cve/CVE-2019-18792

nvd.nist.gov/vuln/detail/CVE-2019-18792

redmine.openinfosecfoundation.org/issues/3324

redmine.openinfosecfoundation.org/issues/3394

security-tracker.debian.org/tracker/CVE-2019-18792

www.cve.org/CVERecord?id=CVE-2019-18792

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS

0.01

Percentile

84.1%

JSON

Related for UB:CVE-2019-18792