===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.1993
         bro -- Unsafe integer conversions can cause unintentional
                         code paths to be executed
                                4 June 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           bro
Publisher:         FreeBSD
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   FreeBSD
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-12175 CVE-2017-12175 

Original Bulletin: 
   http://www.vuxml.org/freebsd/177fa455-48fc-4ded-ba1b-9975caa7f62a.html

--------------------------BEGIN INCLUDED TEXT--------------------

bro -- Unsafe integer conversions can cause unintentional code paths to be
executed

Affected packages
  bro   < 2.6.2

Details

VuXML ID  177fa455-48fc-4ded-ba1b-9975caa7f62a
Discovery 2019-05-29
Entry     2019-05-31

Jon Siwek of Corelight reports:

    The following Denial of Service vulnerabilities are addressed:

      - Integer type mismatches in BinPAC-generated parser code and Bro
        analyzer code may allow for crafted packet data to cause unintentional
        code paths in the analysis logic to be taken due to unsafe integer
        conversions causing the parser and analysis logic to each expect
        different fields to have been parsed. One such example, reported by
        Maksim Shudrak, causes the Kerberos analyzer to dereference a null
        pointer. CVE-2019-12175 was assigned for this issue.
      - The Kerberos parser allows for several fields to be left uninitialized,
        but they were not marked with an &optional attribute and several usages
        lacked existence checks. Crafted packet data could potentially cause an
        attempt to access such uninitialized fields, generate a runtime error/
        exception, and leak memory. Existence checks and &optional attributes
        have been added to the relevant Kerberos fields.
      - BinPAC-generated protocol parsers commonly contain fields whose length
        is derived from other packet input, and for those that allow for
        incremental parsing, BinPAC did not impose a limit on how large such a
        field could grow, allowing for remotely-controlled packet data to cause
        growth of BinPAC's flowbuffer bounded only by the numeric limit of an
        unsigned 64-bit integer, leading to memory exhaustion. There is now a
        generalized limit for how large flowbuffers are allowed to grow,
        tunable by setting "BinPAC::flowbuffer_capacity_max".
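
The two bug classes described in the report above (an unchecked narrowing between the parser's integer type and the analyzer's, and a flowbuffer that grows without limit from a packet-controlled length) modelled as an added C example; this is not Bro or BinPAC code, the record layout and parse_record are constructed stand-ins, and FLOWBUFFER_CAPACITY_MAX is an assumed value standing in for BinPAC::flowbuffer_capacity_max, whose real default the bulletin does not give:

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <limits.h>

/* Constructed model, not BinPAC/Bro code. FLOWBUFFER_CAPACITY_MAX is an
 * assumed stand-in for the tunable BinPAC::flowbuffer_capacity_max. */
#define FLOWBUFFER_CAPACITY_MAX (64u * 1024u)

typedef struct { uint8_t *data; size_t len, cap; } flowbuffer;
typedef enum { REC_OK, REC_NEED_MORE, REC_REJECT } rec_status;

/* Grow the buffer to `want` bytes, refusing (instead of growing toward the
 * 64-bit limit) when the request exceeds the capacity cap. */
static bool flowbuffer_ensure(flowbuffer *fb, uint64_t want) {
    if (want > FLOWBUFFER_CAPACITY_MAX) return false;
    if (want <= fb->cap) return true;
    uint8_t *p = realloc(fb->data, (size_t)want);
    if (!p) return false;
    fb->data = p; fb->cap = (size_t)want;
    return true;
}

/* Checked narrowing from the parser's uint64_t to the analyzer's int: fails
 * rather than silently handing the analyzer a wrapped or negative value. */
bool to_int_checked(uint64_t v, int *out) {
    if (v > (uint64_t)INT_MAX) return false;
    *out = (int)v;
    return true;
}

/* The implicit conversion a type mismatch produces: large values go negative. */
int to_int_unchecked(uint64_t v) { return (int)v; }

/* Constructed record: 8-byte big-endian body length followed by the body,
 * delivered incrementally one chunk at a time. */
rec_status parse_record(flowbuffer *fb, const uint8_t *chunk, size_t n, int *body_len) {
    if (!flowbuffer_ensure(fb, (uint64_t)fb->len + n)) return REC_REJECT;
    if (n) memcpy(fb->data + fb->len, chunk, n);
    fb->len += n;
    if (fb->len < 8) return REC_NEED_MORE;
    uint64_t body = 0;
    for (int i = 0; i < 8; i++) body = (body << 8) | fb->data[i];
    /* Cap check comes first so that 8 + body can never wrap around. */
    if (body > FLOWBUFFER_CAPACITY_MAX - 8 || !flowbuffer_ensure(fb, 8 + body)) return REC_REJECT;
    if (!to_int_checked(body, body_len)) return REC_REJECT; /* analyzer-side type boundary */
    return fb->len >= 8 + body ? REC_OK : REC_NEED_MORE;
}
```

A record whose length field exceeds the cap is rejected before any allocation, and a length that does not fit the analyzer's int is rejected rather than converted.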

References

CVE Name CVE-2017-12175

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================