AUSCERT External Security Bulletin Redistribution
bro -- Unsafe integer conversions can cause unintentional
code paths to be executed
4 June 2019
AusCERT Security Bulletin Summary
Operating System: UNIX variants (UNIX, Linux, OSX)
Impact/Access: Denial of Service -- Remote/Unauthenticated
CVE Names: CVE-2019-12175 CVE-2017-12175
--------------------------BEGIN INCLUDED TEXT--------------------
bro -- Unsafe integer conversions can cause unintentional code paths to be
executed
bro < 2.6.2
VuXML ID 177fa455-48fc-4ded-ba1b-9975caa7f62a
Jon Siwek of Corelight reports:
The following Denial of Service vulnerabilities are addressed:
- Integer type mismatches in BinPAC-generated parser code and Bro
analyzer code may allow for crafted packet data to cause unintentional
code paths in the analysis logic to be taken due to unsafe integer
conversions causing the parser and analysis logic to each expect
different fields to have been parsed. One such example, reported by
Maksim Shudrak, causes the Kerberos analyzer to dereference a null
pointer. CVE-2019-12175 was assigned for this issue.
- The Kerberos parser allows for several fields to be left uninitialized,
but they were not marked with an &optional attribute and several usages
lacked existence checks. Crafted packet data could potentially cause an
attempt to access such uninitialized fields, generate a runtime error/
exception, and leak memory. Existence checks and &optional attributes
have been added to the relevant Kerberos fields.
- BinPAC-generated protocol parsers commonly contain fields whose length
is derived from other packet input, and for those that allow for
incremental parsing, BinPAC did not impose a limit on how large such a
field could grow, allowing for remotely-controlled packet data to cause
growth of BinPAC's flowbuffer bounded only by the numeric limit of an
unsigned 64-bit integer, leading to memory exhaustion. There is now a
generalized limit for how large flowbuffers are allowed to grow,
tunable by setting "BinPAC::flowbuffer_capacity_max".
CVE Name CVE-2017-12175
--------------------------END INCLUDED TEXT--------------------
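The third item in the included text describes a length-derived field growing an incremental-parsing buffer without bound, fixed by a capacity limit. The C++ below is an added example, not code from Bro, BinPAC or the advisory; FlowBuf, Feed, simulate and the 4-byte length framing are hypothetical, and capacity_max stands in for the role the advisory gives to "BinPAC::flowbuffer_capacity_max".

```cpp
// Added illustration: FlowBuf, Feed and the 4-byte length framing are
// hypothetical, not BinPAC's generated code or a real protocol.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

enum class Feed { NeedMore, Complete, Rejected };

class FlowBuf {
public:
    explicit FlowBuf(uint64_t capacity_max) : cap_(capacity_max) {}
    // Consume one chunk of a record: 4-byte big-endian length, then the body.
    Feed feed(const uint8_t* p, size_t n) {
        for (size_t i = 0; i < n && !rejected_; ++i) {
            if (hdr_ < 4) {
                want_ = (want_ << 8) | p[i];
                // Enforce the cap once the length is known, before buffering.
                if (++hdr_ == 4 && want_ > cap_) rejected_ = true;
            } else if (body_.size() < want_) {
                body_.push_back(p[i]);
            }
        }
        if (rejected_) return Feed::Rejected;
        return (hdr_ == 4 && body_.size() == want_) ? Feed::Complete : Feed::NeedMore;
    }
    size_t buffered() const { return body_.size(); }
private:
    uint64_t cap_, want_ = 0;
    int hdr_ = 0;
    bool rejected_ = false;
    std::vector<uint8_t> body_;
};

// Constructed input: a sender declares a 0xFFFFFFFF-byte field, then streams
// `chunks` blocks of 1024 bytes. Returns how many bytes ended up buffered.
size_t simulate(uint64_t capacity_max, int chunks, Feed* last) {
    FlowBuf fb(capacity_max);
    const uint8_t hdr[4] = {0xFF, 0xFF, 0xFF, 0xFF};
    *last = fb.feed(hdr, 4);
    const std::vector<uint8_t> chunk(1024, 0x41);
    for (int i = 0; i < chunks && *last == Feed::NeedMore; ++i)
        *last = fb.feed(chunk.data(), chunk.size());
    return fb.buffered();
}
int main() {
    Feed r;
    std::printf("no limit: %zu bytes held\n", simulate(UINT64_MAX, 64, &r));
    std::printf("1 MiB cap: %zu bytes held\n", simulate(1u << 20, 64, &r));
}
```

With no effective limit the buffer keeps growing for as long as the sender keeps streaming; with the cap the record is rejected as soon as its declared length is read, before any body byte is held.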
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
Australian Computer Emergency Response Team
The University of Queensland
Internet Email: email@example.com
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.