177fa455-48fc-4ded-ba1b-9975caa7f62a | bro -- Unsafe integer conversions can cause unintentional code paths to be executed
Jon Siwek of Corelight reports:
The following Denial of Service vulnerabilities are addressed:
- Integer type mismatches in BinPAC-generated parser code
and Bro analyzer code may allow for crafted packet data
to cause unintentional code paths in the analysis logic
to be taken due to unsafe integer conversions causing the
parser and analysis logic to each expect different fields
to have been parsed. One such example, reported by Maksim
Shudrak, causes the Kerberos analyzer to dereference a
null pointer. CVE-2019-12175 was assigned for this issue.
- The Kerberos parser allows for several fields to be left
uninitialized, but they were not marked with an &optional
attribute and several usages lacked existence checks.
Crafted packet data could potentially cause an attempt
to access such uninitialized fields, generate a runtime
error/exception, and leak memory. Existence checks and
&optional attributes have been added to the relevent
Kerberos fields.
- BinPAC-generated protocol parsers commonly contain fields
whose length is derived from other packet input, and for
those that allow for incremental parsing, BinPAC did not
impose a limit on how large such a field could grow,
allowing for remotely-controlled packet data to cause
growth of BinPAC's flowbuffer bounded only by the numeric
limit of an unsigned 64-bit integer, leading to memory
exhaustion. There is now a generalized limit for how
large flowbuffers are allowed to grow, tunable by setting
"BinPAC::flowbuffer_capacity_max".
Discovery 2019-05-29 Entry 2019-05-31 bro
< 2.6.2
CVE-2017-12175
|
55571619-454e-4769-b1e5-28354659e152 | bro -- invalid memory access or heap buffer over-read
Jon Siwek of Corelight reports:
This is a security patch release to address a potential
Denial of Service vulnerability:
-
The NTLM analyzer did not properly handle AV Pair sequences
that were either empty or unterminated, resulting in
invalid memory access or heap buffer over-read. The NTLM
analyzer is enabled by default and used in the analysis
of SMB, DCE/RPC, and GSSAPI protocols.
Discovery 2019-08-28 Entry 2019-09-17 bro
< 2.6.4
https://raw.githubusercontent.com/zeek/zeek/3b5a9f88ece1d274edee897837e280ef751bde94/NEWS
|