FUN WITH LINUX

Suricata: stack-based buffer-overflow in ParseFilename

6 April 2018

Overview

  • System affected: Suricata
  • Software-Version: prior to 4.1
  • Impact: Code execution. The impact of this vulnerability is considered low because an attacker could exploit it for code execution only if the configuration file is not properly protected.

Detailed description

There is a stack-based buffer overflow in ParseFilename. The length of “outputs.pcap-log.filename” is not checked, and the destination buffer “str” has a fixed length of 512 bytes, so a long pcap-log filename overflows the buffer. A specially crafted config file could lead to code execution. The impact of this vulnerability is considered low because an attacker could exploit it only if the configuration file is not properly protected.
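The following is an added example, not Suricata's source code or its actual patch: a simplified model of the missing check, with a bounded copy into a 512-byte buffer and a check of the precondition the advisory names (a config file that others can modify). The names copy_pcap_filename, config_is_protected and STR_LEN are hypothetical, and treating "not protected properly" as "writable by group or others" is an assumption.

```c
/* Added illustration: simplified model, not Suricata's source code. */
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

#define STR_LEN 512  /* size of the fixed destination buffer named in the advisory */

/* Unsafe pattern of the kind the advisory describes (illustrative, comment only):
 *     char str[STR_LEN];
 *     strcpy(str, filename);    configured value copied without a length check
 */

/* Hardened copy: refuse any filename that does not fit, terminator included.
 * Returns 0 on success, -1 if the value is missing or too long. */
int copy_pcap_filename(char *dst, size_t dstlen, const char *filename)
{
    size_t n = 0;
    if (dst == NULL || dstlen == 0 || filename == NULL)
        return -1;
    while (n < dstlen && filename[n] != '\0')  /* never reads past dstlen bytes */
        n++;
    if (n == dstlen)
        return -1;                             /* reject rather than truncate */
    memcpy(dst, filename, n + 1);
    return 0;
}

/* Assumption: "protected" means not writable by group or others.
 * Returns 1 if protected, 0 if not, -1 if the file cannot be inspected. */
int config_is_protected(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) ? 0 : 1;
}

int main(void)
{
    char str[STR_LEN];
    char longname[2 * STR_LEN];                /* constructed oversized value */
    memset(longname, 'A', sizeof(longname) - 1);
    longname[sizeof(longname) - 1] = '\0';
    printf("short: %d\n", copy_pcap_filename(str, sizeof(str), "log.pcap"));
    printf("long:  %d\n", copy_pcap_filename(str, sizeof(str), longname));
    return 0;
}
```

Rejecting an oversized value instead of truncating it keeps the capture from being written to a path the operator did not configure.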

Solution

This bug was fixed in Suricata 4.1.

Credits

This bug was discovered and fixed by Wolfgang Hotwagner (https://tech.feedyourhead.at/content/suricata-stack-based-buffer-overflow)

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 Unported License.

Copyright 2015-present Hoti