[Oisf-devel] [COMMIT] OISF branch, master-2.0.x, updated. suricata-2.0.3-12-g8cf0736

OISF Git noreply at openinfosecfoundation.org
Tue Sep 23 11:01:06 UTC 2014

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The branch, master-2.0.x has been updated
       via  8cf073604603c2e6559c7a7b1f69ec7e93b7c6d4 (commit)
       via  cd03c0029756fa05ac128587075792192f90afbe (commit)
       via  8ec28dea16080c77828412d6de01018dabc7b7c3 (commit)
       via  48499b17392ad3a699b4642ee43fe7ace555de79 (commit)
      from  a3bd19e18a33a748618633dde4aff767373371d9 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 8cf073604603c2e6559c7a7b1f69ec7e93b7c6d4
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Sep 23 12:16:15 2014 +0200

    Update changelog for 2.0.4

commit cd03c0029756fa05ac128587075792192f90afbe
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Sep 18 10:13:18 2014 +0200

    ssh: convert error message to debug statement
    Don't print errors based on traffic issues.

commit 8ec28dea16080c77828412d6de01018dabc7b7c3
Author: Eric Leblond <eric at regit.org>
Date:   Fri Sep 12 10:02:12 2014 +0200

    app-layer-ssh: fix banner parser
    Carefully crafted SSH banner could result in parser error.
    CVE 2014-6603
    Signed-off-by: Eric Leblond <eric at regit.org>
    Reported-By: Steffen Bauch

commit 48499b17392ad3a699b4642ee43fe7ace555de79
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Sep 17 14:26:27 2014 +0200

    ipv6: RH extension header parsing issue
    A logic error in the IPv6 Routing header parsing caused accidental
    updating of the original packet buffer. The calculated extension
    header length was set to the length field of the routing header,
    causing it to be wrong.
    This has 2 consequences:
    1. defrag failure. As the now modified payload was used in defrag,
    the decoding of the reassembled packet now contained a broken length
    field for the routing header. This would lead to decoding failure.
    The potential here is evasion, although it would trigger:
    [1:2200014:1] SURICATA IPv6 truncated extension header
    2. in IPS mode, especially the AF_PACKET mode, the modified and now
    broken packet would be transmitted on the wire. It's likely that
    end hosts and/or routers would reject this packet.
    NFQ based IPS mode would be less affected, as it 'verdicts' based on
    the packet handle. In case of replacing the packet (replace keyword
    or stream normalization) it could broadcast the bad packet.
    Additionally, the RH Type 0 address parsing was also broken. It too
    would modify the original packet. As the result of this code was not
    used anywhere else in the engine, this code is now disabled.
    Reported-By: Rafael Schaefer <rschaefer at ernw.de>


Summary of changes:
 ChangeLog           |    9 +++++
 src/app-layer-ssh.c |   94 +++++++++++++++++++++++++++++++++++++++++++++++++++
 src/decode-ipv6.c   |    8 ++---
 src/decode-ipv6.h   |    2 ++
 4 files changed, 109 insertions(+), 4 deletions(-)
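
Added example (not Suricata's code and not part of this commit notification): a C illustration of the pattern the ipv6 commit message above calls for, where the computed Routing header length is kept in decoder state and never written back into the packet's length field. The struct, function names and sample bytes are hypothetical and constructed for this example; the length formula is the RFC 2460 one.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Decoded view of a Routing header; names are hypothetical, not Suricata's. */
struct rh_info {
    uint8_t  next_header;
    uint8_t  type;
    uint8_t  segments_left;
    uint16_t total_len;   /* bytes, computed: (Hdr Ext Len + 1) * 8 */
};

/* Parse a Routing header at pkt[0..len). The buffer is const: the computed
 * byte length goes into 'out', never back into the wire-format length field.
 * Returns 0 on success, -1 if the header is truncated. */
int rh_parse(const uint8_t *pkt, size_t len, struct rh_info *out)
{
    if (len < 8)                       /* minimum size of an extension header */
        return -1;
    uint16_t total = (uint16_t)((pkt[1] + 1) * 8);  /* 8-octet units, first 8 excluded */
    if (total > len)                   /* truncated extension header */
        return -1;
    out->next_header   = pkt[0];
    out->type          = pkt[2];
    out->segments_left = pkt[3];
    out->total_len     = total;
    return 0;
}

/* Constructed sample: RH type 0, Hdr Ext Len 2 (24 bytes), one address,
 * next header 0x2c (Fragment). */
static const uint8_t sample_rh[24] = {
    0x2c, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
    0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x01
};

/* Returns 1 if parsing left the packet bytes identical to the original,
 * which is what defrag and inline (IPS) forwarding both depend on. */
int rh_parse_preserves_packet(void)
{
    uint8_t copy[sizeof(sample_rh)];
    struct rh_info info;
    memcpy(copy, sample_rh, sizeof(copy));
    if (rh_parse(copy, sizeof(copy), &info) != 0)
        return 0;
    return memcmp(copy, sample_rh, sizeof(copy)) == 0 && info.total_len == 24;
}
```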

