-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.1993
  bro -- Unsafe integer conversions can cause unintentional code paths to
                                be executed
                                4 June 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           bro
Publisher:         FreeBSD
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   FreeBSD
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-12175 CVE-2017-12175

Original Bulletin:
   http://www.vuxml.org/freebsd/177fa455-48fc-4ded-ba1b-9975caa7f62a.html

- --------------------------BEGIN INCLUDED TEXT--------------------

bro -- Unsafe integer conversions can cause unintentional code paths to be
executed

Affected packages
  bro < 2.6.2

Details
  VuXML ID   177fa455-48fc-4ded-ba1b-9975caa7f62a
  Discovery  2019-05-29
  Entry      2019-05-31

Jon Siwek of Corelight reports:

  The following Denial of Service vulnerabilities are addressed:

  - Integer type mismatches in BinPAC-generated parser code and Bro analyzer
    code may allow for crafted packet data to cause unintentional code paths
    in the analysis logic to be taken due to unsafe integer conversions
    causing the parser and analysis logic to each expect different fields to
    have been parsed. One such example, reported by Maksim Shudrak, causes
    the Kerberos analyzer to dereference a null pointer. CVE-2019-12175 was
    assigned for this issue.

  - The Kerberos parser allows for several fields to be left uninitialized,
    but they were not marked with an &optional attribute and several usages
    lacked existence checks. Crafted packet data could potentially cause an
    attempt to access such uninitialized fields, generate a runtime
    error/exception, and leak memory. Existence checks and &optional
    attributes have been added to the relevant Kerberos fields.
  - BinPAC-generated protocol parsers commonly contain fields whose length
    is derived from other packet input, and for those that allow for
    incremental parsing, BinPAC did not impose a limit on how large such a
    field could grow, allowing for remotely-controlled packet data to cause
    growth of BinPAC's flowbuffer bounded only by the numeric limit of an
    unsigned 64-bit integer, leading to memory exhaustion. There is now a
    generalized limit for how large flowbuffers are allowed to grow, tunable
    by setting "BinPAC::flowbuffer_capacity_max".

References
  CVE Name  CVE-2017-12175

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you
do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at a
later date, it is recommended that the bulletin is retrieved directly from
the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
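The first and third items in the included text describe two bug classes in packet-driven parsers: a signed/unsigned mismatch that lets the parser and the analyzer disagree on whether a field was parsed, and a flow buffer that grows to whatever length the packet declares. The following C++ is an added, constructed illustration written for this bulletin; it is not BinPAC or Bro code, and the class, function names and the capacity cap (standing in for the role of BinPAC::flowbuffer_capacity_max) are assumptions.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Constructed illustration for this bulletin, not BinPAC or Bro code.
// Issue 1: the generated parser and the analyzer compare a packet-supplied
// length using different integer types. For declared >= 2^31 the signed
// view goes negative, so the parser treats the field as complete while the
// analyzer (unsigned view) knows it is not; code that later assumes the
// field was filled in dereferences something that was never set.
bool ParserSeesComplete(uint32_t declared, size_t have) {
    int len = static_cast<int>(declared);            // unsafe narrowing to signed
    return static_cast<int>(have) >= len;            // negative len => "complete"
}
bool AnalyzerSeesComplete(uint32_t declared, size_t have) {
    return have >= declared;                         // unsigned, as the wire intends
}
// True when both layers agree; a disagreement is the bug class above.
bool LayersAgree(uint32_t declared, size_t have) {
    return ParserSeesComplete(declared, have) == AnalyzerSeesComplete(declared, have);
}

// Issue 3: an incremental flow buffer whose field length comes from the
// packet. Growth is bounded by an explicit cap (the role played by
// BinPAC::flowbuffer_capacity_max) rather than by the 64-bit integer limit.
class FlowBuffer {
public:
    explicit FlowBuffer(uint64_t capacity_max) : capacity_max_(capacity_max) {}
    // Called when the parser learns the field length. Rejects oversized
    // fields instead of reserving memory for them; types stay unsigned.
    bool BeginFrame(uint64_t declared_len) {
        if (declared_len > capacity_max_) return false;
        frame_len_ = static_cast<size_t>(declared_len);   // safe: bounded above
        buf_.clear();
        return true;
    }
    // Feed a chunk; returns true once the whole field has arrived.
    bool Feed(const uint8_t* data, size_t n) {
        size_t want = frame_len_ - buf_.size();
        size_t take = n < want ? n : want;
        buf_.insert(buf_.end(), data, data + take);
        return buf_.size() == frame_len_;
    }
    size_t size() const { return buf_.size(); }
private:
    uint64_t capacity_max_;
    size_t frame_len_ = 0;
    std::vector<uint8_t> buf_;
};
```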