Resource exhaustion due to sessions stuck in LAST_ACK state (CVE-2015-5358)

Advisory ID: STORM-2015-013
CVE Number: CVE-2015-5358
Date discovered: 07/21/2015
Severity: high
Advisory revision: v1

Vulnerability details

A TCP socket enters the LAST_ACK state when the local process closes its socket after a FIN has already been received from the remote peer. The socket will remain in the LAST_ACK state until the kernel has transmitted a FIN to the remote peer and the kernel has received an acknowledgement of that FIN from the remote peer, or all retransmits of the FIN have failed and the connection times out.

TCP connections transitioning to the LAST_ACK state can become permanently stuck due to mishandling of protocol state in certain situations, which in turn can lead to accumulated consumption and eventual exhaustion of system resources, such as mbufs and sockets.
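One way to spot the condition described above from the defender's side, as an added example that is not part of the advisory or any Stormshield tooling: compare successive `netstat -an` style snapshots and report sockets that never leave LAST_ACK. The column layout, the sample addresses and the 600-second threshold are assumptions; the threshold should be longer than the time the system takes to give up retransmitting a FIN.

```python
# Added example: flag TCP sockets that stay in LAST_ACK across netstat snapshots.
# Sample data below is constructed; the 600 s threshold is an assumption.

def parse_last_ack(netstat_text):
    """Return the set of (local, remote) pairs shown in LAST_ACK."""
    found = set()
    for line in netstat_text.splitlines():
        f = line.split()
        # Expected columns: proto recv-q send-q local foreign state
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LAST_ACK":
            found.add((f[3], f[4]))
    return found

def stuck_sockets(snapshots, min_age=600):
    """snapshots: list of (unix_time, netstat_text), oldest first.
    Return {(local, remote): seconds} for sockets seen in LAST_ACK in every
    consecutive snapshot for at least min_age seconds, up to the latest one."""
    first_seen = {}
    now = None
    for now, text in snapshots:
        current = parse_last_ack(text)
        # A socket that left LAST_ACK (or was freed) loses its history.
        first_seen = {k: t for k, t in first_seen.items() if k in current}
        for conn in current:
            first_seen.setdefault(conn, now)
    return {c: now - t for c, t in first_seen.items() if now - t >= min_age}

HEADER = "Proto Recv-Q Send-Q Local Address          Foreign Address        (state)\n"
ROW = "tcp4       0      0 {:<22} {:<22} {}\n"
A = ("192.0.2.10.443", "198.51.100.7.51514")   # never leaves LAST_ACK
B = ("192.0.2.10.443", "198.51.100.8.40022")   # closes normally, seen again later
C = ("192.0.2.10.22", "203.0.113.5.60100")     # stays ESTABLISHED

def snap(rows):
    return HEADER + "".join(ROW.format(l, r, s) for (l, r), s in rows)

SAMPLE = [  # constructed snapshots taken at t = 0, 300 and 900 seconds
    (0,   snap([(A, "LAST_ACK"), (B, "LAST_ACK"), (C, "ESTABLISHED")])),
    (300, snap([(A, "LAST_ACK"), (C, "ESTABLISHED")])),
    (900, snap([(A, "LAST_ACK"), (B, "LAST_ACK"), (C, "ESTABLISHED")])),
]

if __name__ == "__main__":
    for conn, age in stuck_sockets(SAMPLE).items():
        print("in LAST_ACK for >= %ds: %s <- %s" % (age, conn[0], conn[1]))
```

A steadily growing result set between runs, together with rising mbuf or socket usage, matches the accumulation the advisory describes.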

Impacted products

Products                       Severity   Detail
Stormshield Network Security   high       SNS uses a vulnerable version of FreeBSD
Netasq                         high       Netasq uses a vulnerable version of FreeBSD

Revisions

Version Date Description
v1 Initial release


Stormshield Network Security

CVSS v2 Overall Score: 7.1      

Analysis

An attacker who can repeatedly establish TCP connections to a victim system could create many TCP connections that are stuck in LAST_ACK state and cause resource exhaustion, resulting in a denial of service condition. This may also happen in normal operation where no intentional attack is conducted, but an attacker who can send specifically crafted packets can trigger this more reliably.

Impacted version

  • SNS v1.0 to v1.3.4
  • SNS v2.0 to v2.1.1

Workaround solution

There is no workaround solution.

Solution

The v1.4.0 and v2.1.2 updates will fix this vulnerability.



Access vector: Network
Access complexity: Medium
Authentication: None
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete
CVSS Base score: 7.1
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C)

Exploitability: High
Remediation Level: Unavailable
Report Confidence: Confirmed
CVSS Temporal score: 7.1
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C/E:H/RL:U/RC:C)

Collateral Damage Potential: None
Target Distribution: High [76-100%]
CVSS Environmental score: 7.1
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C/E:H/RL:U/RC:C/CDP:N/TD:H/CR:ND/IR:ND/AR:ND)


Netasq

CVSS v2 Overall Score: 7.1      

Analysis

An attacker who can repeatedly establish TCP connections to a victim system could create many TCP connections that are stuck in LAST_ACK state and cause resource exhaustion, resulting in a denial of service condition. This may also happen in normal operation where no intentional attack is conducted, but an attacker who can send specifically crafted packets can trigger this more reliably.

Impacted version

  • Netasq v8.0.0 and above
  • Netasq v9.0.0 and above
  • Netasq v9.1.0 to v9.1.5.3

Workaround solution

There is no workaround solution.

Solution

The v9.1.6 update will fix this vulnerability.



Access vector: Network
Access complexity: Medium
Authentication: None
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete
CVSS Base score: 7.1
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C)

Exploitability: High
Remediation Level: Unavailable
Report Confidence: Confirmed
CVSS Temporal score: 7.1
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C/E:H/RL:U/RC:C)

Collateral Damage Potential: None
Target Distribution: High [76-100%]
CVSS Environmental score: 7.1
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C/E:H/RL:U/RC:C/CDP:N/TD:H/CR:ND/IR:ND/AR:ND)