Impact: Code-Execution. The impact for this vulnerability is considered as low because an attacker could exploit this for code execution only if the configuration-file is not protected properly.
The list of possible sources for suricata-update is downloaded from "https://www.openinfosecfoundation.org/rules/index.yaml" per default. Suricata-Update uses the insecure yaml.load()-function which could lead to remote code execution.
I wish you a merry Christmas, beautiful holidays and a happy new year.
Last week OISF announced a new tool called suricata-update. It's a smart tool for updating suricata rules from remote sources like Emerging Threats. It's works similar to oinkmaster or pulledpork. The main advantage is that it works great with suricata, makes backup of previous rulesets and tests the rules before applying them. Yesterday it reminded me about deprecated options in my suricata-configuration because of the tests it runs(suricata -T).
I worked the last weeks on suricatas configuration-parser and fixed a couple of minor bugs. Some of them made it to the new suricata 4.0.3 release.
If you type in a wrong command, bash-insulter will insult you badly.
A few weeks ago I started cmus to read in all my music and it crashed badly. I wondered how this could happen and started to investigate. So I figured out that it crashed with a segfault. After compiling it with debugging-symbols and running it with gdb I located the bug in the libcue-library and I also found out the reason why: libcue doesn't handle unicode-files and one of my cue-files was unicode encodeded. So libcue started to detect a lot of "bad characters" before it segfaulted.
Even if I was a little bit lazy and did not write much lately, I am very proud to announce the third anniversary of this blog.
I wrote a role for managing MaraDNS with Ansible.
ansible-galaxy install whotwagner.maradns
