Bug 686428 (CVE-2019-10050, CVE-2019-10053) - net-analyzer/suricata: multiple vulnerabilities
Summary: net-analyzer/suricata: multiple vulnerabilities
Status: UNCONFIRMED
Alias: CVE-2019-10050, CVE-2019-10053
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Low trivial
Assignee: Gentoo Security
URL: https://suricata-ids.org/2019/04/30/s...
Whiteboard: ~3 [ebuild]
Reported: 2019-05-21 01:10 UTC by D'juan McDonald (domhnall)
Modified: 2019-06-21 09:20 UTC
Description D'juan McDonald (domhnall) 2019-05-21 01:10:12 UTC
Bug #2883: ssh: heap buffer overflow
Bug #2884: mpls: heapbuffer overflow in file decode-mpls.c
Bug #2887: decode-ethernet: heapbuffer overflow in file decode-ethernet.c
Bug #2894: smb 1 create andx request does not parse the filename correctly
Bug #2903: mpls: cast of misaligned data leads to undefined behavior
Bug #2943: rust/nfs: integer underflow

(https://nvd.nist.gov/vuln/detail/CVE-2019-10053):
An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a \n character, then the program runs into a heap-based buffer over-read. This occurs because the erroneous search for \r results in an integer underflow.


(https://nvd.nist.gov/vuln/detail/CVE-2019-10050):
A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is composed only of a packet of source address and destination address plus the correct type field and the right number for shim, an attacker can manipulate the control flow, such that the condition to leave the loop is true. After leaving the loop, the network packet has a length of 2 bytes. There is no validation of this length. Later on, the code tries to read at an empty position, leading to a crash.


Gentoo Security Padawan
(domhnall)
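
The integer underflow that the NVD text for CVE-2019-10053 describes, reduced to its length arithmetic as an added example (not Suricata's code and not part of the original report). The function names and the `uint32_t` length type are assumptions, and the sample banners are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Suricata code: banner length up to the line
 * terminator, assuming every '\n' is preceded by '\r'. It only computes
 * the length and never reads memory with it. */
uint32_t banner_len_unchecked(const uint8_t *input, uint32_t input_len)
{
    const uint8_t *nl = memchr(input, '\n', input_len);
    if (nl == NULL)
        return input_len;
    uint32_t nl_off = (uint32_t)(nl - input);
    return nl_off - 1;      /* nl_off == 0 wraps around to UINT32_MAX */
}

/* Hardened form: drop '\r' only when it is actually present, so the
 * result can never exceed input_len. */
uint32_t banner_len_checked(const uint8_t *input, uint32_t input_len)
{
    const uint8_t *nl = memchr(input, '\n', input_len);
    if (nl == NULL)
        return input_len;
    uint32_t len = (uint32_t)(nl - input);
    if (len > 0 && input[len - 1] == '\r')
        len--;
    return len;
}

/* Invariant to enforce before any copy or read that uses the length. */
int banner_len_is_sane(uint32_t len, uint32_t input_len)
{
    return len <= input_len;
}

int main(void)
{
    /* Constructed input: a banner consisting only of '\n'. */
    const uint8_t lf_only[] = { '\n' };
    uint32_t bad = banner_len_unchecked(lf_only, sizeof(lf_only));
    uint32_t good = banner_len_checked(lf_only, sizeof(lf_only));
    printf("unchecked=%u sane=%d\n", (unsigned)bad,
           banner_len_is_sane(bad, sizeof(lf_only)));
    printf("checked=%u sane=%d\n", (unsigned)good,
           banner_len_is_sane(good, sizeof(lf_only)));
    return 0;
}
```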
Comment 1 D'juan McDonald (domhnall) 2019-05-21 01:30:02 UTC
ssh: heap buffer overflow
https://redmine.openinfosecfoundation.org/issues/2883

mpls: heapbuffer overflow in file decode-mpls.c
https://redmine.openinfosecfoundation.org/issues/2884

decode-ethernet: heapbuffer overflow in file decode-ethernet.c
https://redmine.openinfosecfoundation.org/issues/2887

smb 1 create andx request does not parse the filename correctly
https://redmine.openinfosecfoundation.org/issues/2894

mpls: cast of misaligned data leads to undefined behavior
https://redmine.openinfosecfoundation.org/issues/2903

rust/nfs: integer underflow
https://redmine.openinfosecfoundation.org/issues/2943
Comment 2 D'juan McDonald (domhnall) 2019-05-21 07:14:03 UTC
(https://lists.openinfosecfoundation.org/pipermail/oisf-announce/2019-May/000474.html): Thu May 9 09:09:33 UTC 2019

Hi all,

Suricata 4.0.x is now end of life. This means no further 4.0.x releases
will be made. Please make sure you update your sensors to the 4.1 branch.

We've also updated our deprecated features page here
https://suricata-ids.org/about/deprecation-policy/

Filestore v1 has been added to the list. It will be removed in about a year.
The old text drop.log will be removed at the same time.

Regards,
Victor

-- 
Victor Julien
Suricata Lead Developer
suricata-ids.org