By design, the DHCP protocol does not authenticate messages, including for example the classless static route option (121). An attacker with the ability to send DHCP messages can manipulate routes to redirect VPN traffic, allowing the attacker to read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN. Many, if not most VPN systems based on IP routing are susceptible to such attacks.
Search first
What Happened?
https://github.com/SagerNet/sing-box/releases/tag/v1.9.0-rc.16
https://sing-box.sagernet.org/manual/misc/tunnelvision/
https://www.cve.org/CVERecord?id=CVE-2024-3661
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3661
Minimal Reproducible Example (MRE)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3661
Expected Behavior
just fix it, like singbox 1.9.0-rc16 that
Version
All versions currently
Platform/OS
Android, Windows, macOS, Linux, iOS
Additional Context
No response
Application Config Options
No response
Relevant log output
No response
Are you willing to submit a PR? If you know how to fix the bug.
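Added example, not part of the issue report or of any project's code: a defender-side check that decodes the classless static route option (121, RFC 3442 encoding) from a DHCP options field and reports any pushed route that overlaps a prefix expected to go through the VPN. The function names, the protected prefixes and the sample bytes are assumptions constructed for illustration.

```python
import ipaddress

OPT_PAD, OPT_END, OPT_CLASSLESS_ROUTES = 0, 255, 121

def parse_options(buf):
    """Split a DHCP options field (bytes after the magic cookie) into {code: value}."""
    opts, i = {}, 0
    while i < len(buf):
        code = buf[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated option %d" % code)
        length = buf[i + 1]
        # RFC 3396: repeated instances of one option are concatenated.
        opts[code] = opts.get(code, b"") + buf[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def decode_classless_routes(data):
    """Decode RFC 3442 entries: prefix length, significant octets, 4-byte router."""
    routes, i = [], 0
    while i < len(data):
        width = data[i]
        n = (width + 7) // 8              # destination octets actually sent
        entry = data[i + 1:i + 1 + n + 4]
        if width > 32 or len(entry) != n + 4:
            raise ValueError("malformed route entry at offset %d" % i)
        dest = entry[:n] + bytes(4 - n)   # pad the destination to 4 octets
        net = ipaddress.IPv4Network((dest, width), strict=False)
        routes.append((net, ipaddress.IPv4Address(entry[n:])))
        i += 1 + n + 4
    return routes

def pushed_routes_overlapping(options, protected):
    """Return option-121 routes overlapping prefixes expected to use the VPN."""
    protected = [ipaddress.ip_network(p) for p in protected]
    data = parse_options(options).get(OPT_CLASSLESS_ROUTES, b"")
    return [(str(net), str(gw)) for net, gw in decode_classless_routes(data)
            if any(net.overlaps(p) for p in protected)]

# Constructed sample: subnet mask option, then option 121 carrying
# 203.0.113.128/25 via 192.168.1.66 and 10.20.30.0/24 via 192.168.1.1.
SAMPLE = bytes([1, 4, 255, 255, 255, 0, 121, 17,
                25, 203, 0, 113, 128, 192, 168, 1, 66,
                24, 10, 20, 30, 192, 168, 1, 1, 255])
```

Running `pushed_routes_overlapping(SAMPLE, ["203.0.113.0/24"])` reports the /25 route, because it is more specific than the protected prefix and would be preferred by the routing table.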