Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.891603 |
Kategorie: | Debian Local Security Checks |
Titel: | Debian LTS: Security Advisory for suricata (DLA-1603-1) |
Zusammenfassung: | Several issues were found in suricata, an intrusion detection and;prevention tool.;;CVE-2017-7177;;Suricata has an IPv4 defragmentation evasion issue caused by lack;of a check for the IP protocol during fragment matching.;;CVE-2017-15377;;It was possible to trigger lots of redundant checks on the content;of crafted network traffic with a certain signature, because of;DetectEngineContentInspection in detect-engine-content-inspection.c.;The search engine doesn't stop when it should after no match is;found. Instead, it stops only upon reaching inspection-recursion-;limit (3000 by default).;;CVE-2018-6794;;Suricata is prone to an HTTP detection bypass vulnerability in;detect.c and stream-tcp.c. If a malicious server breaks a normal;TCP flow and sends data before the 3-way handshake is complete,;then the data sent by the malicious server will be accepted by web;clients such as a web browser or Linux CLI utilities, but ignored;by Suricata IDS signatures. This mostly affects IDS signatures for;the HTTP protocol and TCP stream content. Signatures for TCP packets;will inspect such network traffic as usual.;;TEMP-0856648-2BC2C9 (no CVE assigned yet);;Out of bounds read in app-layer-dns-common.c.;On a zero size A or AAAA record, 4 or 16 bytes would still be read. |
Beschreibung: | Summary: Several issues were found in suricata, an intrusion detection and prevention tool. CVE-2017-7177 Suricata has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching. CVE-2017-15377 It was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn't stop when it should after no match is found. Instead, it stops only upon reaching inspection-recursion- limit (3000 by default). CVE-2018-6794 Suricata is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web browser or Linux CLI utilities, but ignored by Suricata IDS signatures. This mostly affects IDS signatures for the HTTP protocol and TCP stream content. Signatures for TCP packets will inspect such network traffic as usual. TEMP-0856648-2BC2C9 (no CVE assigned yet) Out of bounds read in app-layer-dns-common.c. On a zero size A or AAAA record, 4 or 16 bytes would still be read. Affected Software/OS: suricata on Debian Linux Solution: For Debian 8 'Jessie', these problems have been fixed in version 2.0.7-2+deb8u3. We recommend that you upgrade your suricata packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-7177 BugTraq ID: 97047 http://www.securityfocus.com/bid/97047 https://lists.debian.org/debian-lts-announce/2018/12/msg00000.html Common Vulnerability Exposure (CVE) ID: CVE-2018-6794 https://www.exploit-db.com/exploits/44247/ |
Copyright | Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |