Resource exhaustion due to sessions stuck in LAST_ACK state (CVE-2015-5358)
| Advisory ID | CVE Number | Date discovered | Severity | Advisory revision |
|---|---|---|---|---|
| STORM-2015-013 | CVE-2015-5358 | 07/21/2015 | high | v1 |
Vulnerability details
A TCP socket enters the LAST_ACK state when the local process closes its socket after a FIN has already been received from the remote peer. The socket will remain in the LAST_ACK state until the kernel has transmitted a FIN to the remote peer and the kernel has received an acknowledgement of that FIN from the remote peer, or all retransmits of the FIN have failed and the connection times out.
TCP connections transitioning to the LAST_ACK state can become permanently stuck due to mishandling of protocol state in certain situations, which in turn can lead to accumulated consumption and eventual exhaustion of system resources, such as mbufs and sockets.
Impacted products
| Products | Severity | Detail |
|---|---|---|
| Stormshield Network Security | high | SNS uses a vulnerable version of FreeBSD |
| Netasq | high | Netasq uses a vulnerable version of FreeBSD |
Revisions
| Version | Date | Description |
|---|---|---|
| v1 | Initial release |
Stormshield Network Security |
CVSS v2 Overall Score: 7.1
|
Analysis |
Impacted version |
|
An attacker who can repeatedly establish TCP connections to a victim system could create many TCP connections that are stuck in LAST_ACK state and cause resource exhaustion, resulting in a denial of service condition. This may also happen in normal operation where no intentional attack is conducted, but an attacker who can send specifically crafted packets can trigger this more reliably. |
|
Workaround solution |
Solution |
|
There is no workaround solution. |
The v1.4.0 and v2.1.2 update will fix this vulnerability. |
| Access vector | Access complexity | Authentication | Confidentiality impact | Integrity impact | Availability impact |
|---|---|---|---|---|---|
| Network | Medium | None | None | None | Complete |
| CVSS Base score: 7.1 | CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C) |
| Exploitability | Remediation Level | Report Confidence |
|---|---|---|
| High | Unavailable | Confirmed |
| CVSS Temporal score: 7.1 | CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C/E:H/RL:U/RC:C) |
| Collateral Damage Potential | Target Distribution |
|---|---|
| None | High [76-100%] |
| CVSS Environmental score: 7.1 | CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C/E:H/RL:U/RC:C/CDP:N/TD:H/CR:ND/IR:ND/AR:ND) |
Netasq |
CVSS v2 Overall Score: 7.1
|
Analysis |
Impacted version |
|
An attacker who can repeatedly establish TCP connections to a victim system could create many TCP connections that are stuck in LAST_ACK state and cause resource exhaustion, resulting in a denial of service condition. This may also happen in normal operation where no intentional attack is conducted, but an attacker who can send specifically crafted packets can trigger this more reliably. |
|
Workaround solution |
Solution |
|
There is no workaround solution. |
The v9.1.6 update will fix this vulnerability. |
| Access vector | Access complexity | Authentication | Confidentiality impact | Integrity impact | Availability impact |
|---|---|---|---|---|---|
| Network | Medium | None | None | None | Complete |
| CVSS Base score: 7.1 | CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C) |
| Exploitability | Remediation Level | Report Confidence |
|---|---|---|
| High | Unavailable | Confirmed |
| CVSS Temporal score: 7.1 | CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C/E:H/RL:U/RC:C) |
| Collateral Damage Potential | Target Distribution |
|---|---|
| None | High [76-100%] |
| CVSS Environmental score: 7.1 | CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C/E:H/RL:U/RC:C/CDP:N/TD:H/CR:ND/IR:ND/AR:ND) |