exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Suricata 2.0.3 Out Of Bounds Access

Suricata 2.0.3 Out Of Bounds Access
Posted Sep 24, 2014
Authored by Steffen Bauch

It was found out that the application parser for SSH integrated in Suricata version 2.0.3 contains a flaw that might lead to an out-of-bounds access. For this reason a denial of service towards the Suricata monitoring software might be possible using crafted packets on the monitoring interface.

tags | advisory, denial of service
advisories | CVE-2014-6603
SHA-256 | d9284970b7ebf84d7392e3f60e31b6673917978d712e1c5c6bc2048f65607f49

Suricata 2.0.3 Out Of Bounds Access

Change Mirror Download
CVE-2014-6603 suricata 2.0.3 Out-of-bounds access in SSH application parser

1. Background

Suricata is a high performance Network IDS, IPS and Network Security
Monitoring engine developed by the Open Information Security Foundation
(OISF).

2. Summary Information

It was found out that the application parser for SSH integrated in
Suricata contains a flaw that might lead to an out-of-bounds access. For
this reason a Denial of Service towards the Suricata monitoring software
might be possible using crafted packets on the monitoring interface.

3. Technical Description

The application parser for SSH (src/app-layer-ssh.c) contains a function
SSHParseBanner. In case the parsed buffer is either

"SSH-2.0\r-MySSHClient-0.5.1\n"

or

"SSH-2.0-\rMySSHClient-0.5.1\n"

the function will behave in the wrong way and attempt either a very big
memory allocation or an out of bounds array access with negative index,
which also might lead to out-of-bounds write access under certain
conditions. The problem is caused due to the fact that the end of the
banner and start of the software version are computed independently.

4. Affected versions

Affected versions are Suricata 2.0.3 and 2.1beta1, older versions might
be affected as well.

5. Fix

The issue will be fixed in Suricata 2.0.4 and in the next upcoming major
release. See
http://suricata-ids.org/2014/09/23/suricata-2-0-4-available/ for reference.

6. Advisory Timeline

2014-09-10: Discovered
2014-09-12: Reported to vendor by email
2014-09-12: Vendor responded, confirmed and provided preliminary fix
2014-09-17: Requested CVE
2014-09-19: CVE number received
2014-09-23: Vendor reported a fixed version released
2014-09-23: Published

7. Credit

The issue was found by

Steffen Bauch
Twitter: @steffenbauch
http://steffenbauch.de

8. References

http://www.openinfosecfoundation.org/
http://suricata-ids.org/
http://suricata-ids.org/2014/09/23/suricata-2-0-4-available/
Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    19 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close