Every time I replace an old hard disk with a newer or bigger one, I think that I'll wipe it later. Now I have a large number of hard disks to wipe. Since wiping takes ages, I don't want to use my personal computer for that. I would prefer a small device with low energy consumption just for wiping. That's why I am going to build a "Nukestation". Basically it's just a Raspberry Pi with nwipe on it and a udev rule to automatically wipe attached hard disks. But some extras would be nice...
- System affected: suricata
- Software-Version: prior to 4.1
- Impact: Code-Execution. The impact of this vulnerability is considered low because an attacker could exploit it for code execution only if the configuration file is not properly protected.
- System affected: Suricata-Update
- Software-Version: 1.0.0a1
- User-Interaction: Not required
- Impact: Remote-Code-Execution
The list of possible sources for suricata-update is downloaded from "https://www.openinfosecfoundation.org/rules/index.yaml" by default. Suricata-Update uses the insecure yaml.load() function, which could lead to remote code execution.
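The mitigation for this class of bug, as an added example that is not Suricata-Update's own code: parse the downloaded index with PyYAML's `yaml.safe_load()`, which refuses Python-specific tags, and validate the result's shape before using it. The function name `load_index`, the index field names and both sample documents are assumptions constructed for illustration.

```python
import yaml  # PyYAML (third-party)

# Constructed sample of a well-formed source index (field names are assumptions).
GOOD_INDEX = """\
version: 1
sources:
  example/open:
    summary: Example open ruleset
    url: https://rules.example.invalid/open.rules.tar.gz
"""

# Constructed sample: same shape, but one value carries a Python-specific tag
# that an unsafe loader would turn into a function call (a harmless one here).
TAGGED_INDEX = """\
version: 1
sources:
  example/open:
    summary: !!python/object/apply:time.time []
    url: https://rules.example.invalid/open.rules.tar.gz
"""

def load_index(text):
    """Parse a source index with SafeLoader and return {source name: url}."""
    try:
        doc = yaml.safe_load(text)  # builds only plain dict/list/str/int/... values
    except yaml.YAMLError as exc:
        # Python tags surface here as yaml.constructor.ConstructorError.
        raise ValueError(f"rejected index: {type(exc).__name__}") from exc
    if not isinstance(doc, dict) or not isinstance(doc.get("sources"), dict):
        raise ValueError("rejected index: missing 'sources' mapping")
    sources = {}
    for name, entry in doc["sources"].items():
        if not isinstance(name, str) or not isinstance(entry, dict):
            raise ValueError(f"rejected index: bad entry for source {name!r}")
        url = entry.get("url")
        if not isinstance(url, str) or not url.startswith("https://"):
            raise ValueError(f"rejected index: bad url for source {name!r}")
        sources[name] = url
    return sources

if __name__ == "__main__":
    for label, text in (("good", GOOD_INDEX), ("tagged", TAGGED_INDEX)):
        try:
            print(label, "->", load_index(text))
        except ValueError as err:
            print(label, "->", err)
```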
I wish you a merry Christmas, beautiful holidays and a happy new year.
Last week OISF announced a new tool called suricata-update. It's a smart tool for updating suricata rules from remote sources like Emerging Threats. It works similarly to oinkmaster or pulledpork. The main advantage is that it works great with suricata, makes backups of previous rulesets and tests the rules before applying them. Yesterday it reminded me about deprecated options in my suricata configuration because of the tests it runs (suricata -T).
Over the last weeks I worked on suricata's configuration parser and fixed a couple of minor bugs. Some of the fixes made it into the new suricata 4.0.3 release.
If you type in a wrong command, bash-insulter will insult you badly.