Re: [tcpm] TCP segment reassembly vulnerability
Caitlin Bestler <cait@asomi.com> Thu, 09 August 2018 20:12 UTC
Return-Path: <cait@asomi.com>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D7DB7130E77 for <tcpm@ietfa.amsl.com>; Thu, 9 Aug 2018 13:12:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=netorgft3309700.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Mun4scdE0qUO for <tcpm@ietfa.amsl.com>; Thu, 9 Aug 2018 13:12:02 -0700 (PDT)
Received: from NAM04-BN3-obe.outbound.protection.outlook.com (mail-bn3nam04on0716.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe4e::716]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7E30C130E41 for <tcpm@ietf.org>; Thu, 9 Aug 2018 13:12:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=NETORGFT3309700.onmicrosoft.com; s=selector1-asomi-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GPE3+weaKzvt1qz1KxDbc8s4dXf3iYoTKH1Pq202nAs=; b=kT5+KlEAAK7Hlbf6g73VZ8pDattbOpyV1mtM1qz599QJUj8VPOl4zAHqcKC6WTfveIo3pVTQbWMux0wifolv5/smS7gy7G8jSwdtMm+T1f5RO4oY2EZLXmGOl/wTUb2YfcMBWxumkSeGOcC+4UihPKQkdDQtSvYFFs5vnE4iJ6o=
Received: from SN6PR11MB2606.namprd11.prod.outlook.com (52.135.91.27) by SN6PR11MB2846.namprd11.prod.outlook.com (52.135.93.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1038.19; Thu, 9 Aug 2018 20:11:59 +0000
Received: from SN6PR11MB2606.namprd11.prod.outlook.com ([fe80::ddc5:5460:7da9:c964]) by SN6PR11MB2606.namprd11.prod.outlook.com ([fe80::ddc5:5460:7da9:c964%4]) with mapi id 15.20.1038.019; Thu, 9 Aug 2018 20:11:59 +0000
From: Caitlin Bestler <cait@asomi.com>
To: Loganaden Velvindron <loganaden@gmail.com>, "tcpm@ietf.org Extensions" <tcpm@ietf.org>
Thread-Topic: [tcpm] TCP segment reassembly vulnerability
Thread-Index: AQHUMBDc+yngLnimCk2VyjEQkFD99KS32fhv
Date: Thu, 09 Aug 2018 20:11:59 +0000
Message-ID: <SN6PR11MB26069983A24EE191F9FD1033D3250@SN6PR11MB2606.namprd11.prod.outlook.com>
References: <CAOp4FwRpO1t5hqv-QGfDi3G7SSRy43Kf+GEirDT24GFJh8r03Q@mail.gmail.com>
In-Reply-To: <CAOp4FwRpO1t5hqv-QGfDi3G7SSRy43Kf+GEirDT24GFJh8r03Q@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=cait@asomi.com;
x-originating-ip: [67.207.101.170]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; SN6PR11MB2846; 6:tXRh/sQ5CgViJhYW1VoihszUz7rugRK4AMdsKUghb/bawIymSs+d5FyaeP/e2vN2YDU2evjEXz0YkWB+on1lbj226W00s37tRdvS7F84Sdudo6DL67PRYlHuaPZtOVTKRQQgXHLxqJcwuYiUjkwdPniU1QKhjuZofQWg8mA9iQX+hh84qP1qQ/fDfKnixzGy79kWfe9wfAlcy/ZwOtB3AknPjCSU9X70OVnaafvpWwBoPln3YlixMvAU5md90bUySFcNXc+N0Uhd1CAXEElPaHz39jD0Jw4maTaaKnuzTDqBNPtAZglsz1haLwqTI5JM1s9hd2G6G4meeI5SuxMENvVO3+vYQ4dp+KhPc3Ju/0WWFkr00+uiiMxlzhE7fyxlAN2ugZYhcsjCcsBwB47d1Vy9BUgrmuzBYlOATfuv8ft7enFzvxcnKh/EIoGBp2ET9VNdpGvQNUrEsWn2Sp25Pw==; 5:UrTxYXpKHYngohIKb3xdnqkaFPteeTinXvkzGfL9ppHOZEDInQoIEoeGxsZhyCho9OhH0+6LXZiB94rRhV6qbeBKdrNJoP3R4/+NJuo4juu3QhOSPWZ5+Jb3wamr6m6akmRyxcyBNh0EOaZDBY8w2VrTcQbk1+64+FOBhlL4+Qc=; 7:u94LBxZfsuZx6HKEKSDxWOB9UY8cJls5v2RXEpuYz94YNsCWux5zvwOsaV3mWThMlf1tlueEjJ0iJ9fBmDvOT8FJdyeuLPHJvpIVSMOXzkLQug0t6lTrUt3RgUgKe8hW7lopVEH4KNjBlefkMgij80IB+miZ6jnnEA9zhHql0oEWTZda5ZwEdWQX7hOkqTwy133QkUMzQWXB/MUOwpzB7NUYcXQiD1joEpL2gJVWLQHfIILw8QN0gLL7bTi8bksg
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: 7b8efbc7-21ac-4f4b-9b8d-08d5fe345d0c
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(7021125)(8989117)(4534165)(7022125)(4603075)(4627221)(201702281549075)(8990107)(7048125)(7024125)(7027125)(7028125)(7023125)(5600074)(711020)(2017052603328)(7153060)(7193020); SRVR:SN6PR11MB2846;
x-ms-traffictypediagnostic: SN6PR11MB2846:
x-microsoft-antispam-prvs: <SN6PR11MB28468C7E00C1A931C88979B2D3250@SN6PR11MB2846.namprd11.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(192374486261705)(85827821059158)(84791874153150);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(8121501046)(5005006)(10201501046)(3002001)(93006095)(93001095)(3231311)(944501410)(52105095)(149027)(150027)(6041310)(20161123558120)(20161123564045)(20161123562045)(2016111802025)(20161123560045)(6072148)(6043046)(201708071742011)(7699016); SRVR:SN6PR11MB2846; BCL:0; PCL:0; RULEID:; SRVR:SN6PR11MB2846;
x-forefront-prvs: 0759F7A50A
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(376002)(346002)(39830400003)(396003)(136003)(366004)(189003)(199004)(14454004)(186003)(105586002)(106356001)(25786009)(39060400002)(966005)(2900100001)(33656002)(478600001)(99286004)(14444005)(256004)(81156014)(97736004)(81166006)(8936002)(19627405001)(102836004)(53546011)(6506007)(68736007)(8676002)(26005)(5660300001)(76176011)(66066001)(53936002)(3846002)(7696005)(6436002)(6116002)(54896002)(6306002)(606006)(229853002)(86362001)(55016002)(5250100002)(6246003)(9686003)(316002)(236005)(2906002)(446003)(575784001)(7736002)(110136005)(74316002)(486006)(11346002)(476003)(6606003); DIR:OUT; SFP:1102; SCL:1; SRVR:SN6PR11MB2846; H:SN6PR11MB2606.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: asomi.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: sHV7sa2CWUofDbtewdRCbRlH97R9xWdHYEazejaJgoJCCntfaJFuPypTHDpd1dFLKrC1vAGB7XDvoKhNAGX2x1kgT0GXMHci2LwNdXf3BZB5lqu38akmvI1h3Wa8Jb2PH6QyelsEI9TadQs7EGR+I2zEc7QQKTrKgxMd+9HFgkTup5U58pCcyBDeaJyYHlNgmgg+uOJLFM2aC8aVkRDC2l/jvE/48bQm+Bwb9WrCISwr0CBTvMEV1buPOFhQctup3ir8MzATOP7bIw5OoRem/vpMYMELqRv17GbfFdt3vX56KYAnuJbssBgpHcaH5b6rWRdbcW8lk26BhtCmEuaxb+GM/l1pi5DY5uPQDbYP8lg=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_SN6PR11MB26069983A24EE191F9FD1033D3250SN6PR11MB2606namp_"
MIME-Version: 1.0
X-OriginatorOrg: asomi.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 7b8efbc7-21ac-4f4b-9b8d-08d5fe345d0c
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Aug 2018 20:11:59.3155 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: a90e44c6-9570-49f9-9cdb-dff096fd98a3
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR11MB2846
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/lvnUfum0ADeXVT0LCoTj4XXsbsg>
Subject: Re: [tcpm] TCP segment reassembly vulnerability
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Aug 2018 20:12:05 -0000
My reading of the two citations show that the issue can be addressed adequately by implementers already without the need for any guidance from the IETF. ________________________________ From: tcpm <tcpm-bounces@ietf.org> on behalf of Loganaden Velvindron <loganaden@gmail.com> Sent: Thursday, August 9, 2018 11:43:10 AM To: tcpm@ietf.org Extensions Subject: [tcpm] TCP segment reassembly vulnerability It appears to be an issue on multiple implementations. AFAIK, it's due to lack of limits for the reassembly logic when the segments enter the queue. FreeBSD: https://www.freebsd.org/security/advisories/FreeBSD-SA-18:08.tcp.asc Linux: https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e Perhaps it might be worth documenting those solutions and possible workarounds. Thoughts ? _______________________________________________ tcpm mailing list tcpm@ietf.org https://www.ietf.org/mailman/listinfo/tcpm
- [tcpm] TCP segment reassembly vulnerability Loganaden Velvindron
- Re: [tcpm] TCP segment reassembly vulnerability Caitlin Bestler