FYHTECH

FUN WITH LINUX

Suricata: stack-based buffer-overflow in ParseFilename

6 April 2018

Overview

  • System affected: suricata
  • Software-Version: prior to 4.1
  • Impact: Code-Execution. The impact for this vulnerability is considered as low because an attacker could exploit this for code execution only if the configuration-file is not protected properly.

Detailed description

There is a stack-based buffer-overflow in ParseFilename. Since the length of “outputs.pcap-log.filename” is not checked and the destination buffer “str” has a fixed length of 512 bytes, a buffer overflow happens with long filenames for the pcap-log. A special crafted config-file could lead to code-execution. The impact for this vulnerability is considered as low because an attacker could exploit this only if the configuration-file is not protected properly.

Solution

This bug was fixed in Suricata 4.1

Credits

This bug was discovered and fixed by Wolfgang Hotwagner (https://tech.feedyourhead.at/content/suricata-stack-based-buffer-overflow)

[ Security  Suricata  ]
User image

My name is Wolfgang Hotwagner. I am a Linux and Information Security enthusiast from Vienna. This blog is about my journey through Computer Science.

Tag Cloud

CLI Security vim CVE Nagios logrotate Btrfs LVM Certification HackADay Raspberry C git Sysadmin Kernel ccc Crypto Anniversary Downloads TerminalEmulator Virtualization Perl Shell Postgresql Debian Network Ruby Suricata Programming Multimedia Linux Mail apache Puppet Toscom Firewall Mathematics Desktop Bash Ansible One-Liner Open-Source Blog Hardware Backup PHP Docker xmas External News Tricks Email Proxy Zsh Database openssl Fun Web Software-Raid

Recent Posts

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 Unported License.

Copyright 2015-present Hoti