FYHTECH

FUN WITH LINUX

Suricata: stack-based buffer-overflow in ParseFilename

6 April 2018

Overview

  • System affected: suricata
  • Software-Version: prior to 4.1
  • Impact: Code-Execution. The impact for this vulnerability is considered as low because an attacker could exploit this for code execution only if the configuration-file is not protected properly.

Detailed description

There is a stack-based buffer-overflow in ParseFilename. Since the length of “outputs.pcap-log.filename” is not checked and the destination buffer “str” has a fixed length of 512 bytes, a buffer overflow happens with long filenames for the pcap-log. A special crafted config-file could lead to code-execution. The impact for this vulnerability is considered as low because an attacker could exploit this only if the configuration-file is not protected properly.

Solution

This bug was fixed in Suricata 4.1

Credits

This bug was discovered and fixed by Wolfgang Hotwagner (https://tech.feedyourhead.at/content/suricata-stack-based-buffer-overflow)

[ Security  Suricata  ]
User image

My name is Wolfgang Hotwagner. I am a Linux and Information Security enthusiast from Vienna. This blog is about my journey through Computer Science.

Tag Cloud

Tricks Network Nagios Anniversary Zsh PHP One-Liner Open-Source Suricata Btrfs Downloads ccc Fun apache openssl Backup Mail Certification git vim Programming HackADay C Rails CVE Linux xmas Puppet Mathematics Email Proxy Crypto logrotate Bash News Software-Raid LVM External Desktop Virtualization Web Perl Debian TerminalEmulator Raspberry Kernel CLI Shell Sysadmin Toscom Postgresql Blog Docker Database Ansible Multimedia Firewall Ruby Security Hardware

Recent Posts

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 Unported License.

Copyright 2015-present Hoti