[Oisf-devel] Suricata 2.0.7 Available!

Victor Julien victor at inliniac.net
Wed Feb 25 15:56:35 UTC 2015


The OISF development team is pleased to announce Suricata 2.0.7. This
release fixes a number of issues in the 2.0 series.

Two major issues were fixed. The first was brought to our attention by the Yahoo
Pentest Team. It's a parsing issue in the DCERPC parser that can happen
when Suricata runs out of memory. The exact scope of the problem isn't
clear, but it could certainly lead to crashes. RCE might theoretically
be possible but looks like it's very hard.

The second issue was reported by Darien Huss of Emerging Threats. This
is technically a libhtp issue, but it affects Suricata detection and
logging. Certain characters in the URI could confuse the parsing of the
HTTP request line, leading to possible detection bypass for 'http_uri'
and to incomplete logging of the URI. Libhtp 0.5.17 has been released to
address this and is bundled in 2.0.7.

Other than that, there are a bunch of improvements and fixes. It should
work again on CentOS 5. Midstream TCP was improved and some performance
optimizations for HTTP proxy traffic were made.

Upgrading is highly recommended.


Get the new release here:
http://www.openinfosecfoundation.org/download/suricata-2.0.7.tar.gz

Changes

Bug #1385: DCERPC traffic parsing issue
Bug #1391: http uri parsing issue
Bug #1383: tcp midstream window issue
Bug #1318: A thread-sync issue in streamTCP
Bug #1375: Regressions in list keywords option
Bug #1387: pcap-file hangs on systems w/o atomics support
Bug #1395: dump-counters unix socket command failure
Optimization #1376: file list is not cleaned up (2.0.x)

Security

The DCERPC parsing issue has CVE-2015-0928 assigned to it.
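As an added example (not part of the original announcement or of the Suricata
project's own code), here is a small version check a defender can run against
an installed sensor to confirm it is at or above the versions named in this
announcement: Suricata 2.0.7 for the DCERPC issue (CVE-2015-0928) and libhtp
0.5.17 for the http_uri request-line issue. The banner format used in the
sample input ("This is Suricata version 2.0.7 RELEASE", as printed by
`suricata -V`) is an assumption about the tool's output; the libhtp version is
taken as a plain version string because the exact build-info line is not given
here.

```python
"""Check an installed Suricata / libhtp pair against the 2.0.7 fixed versions.

Added example; the banner regex assumes the `suricata -V` output format
"This is Suricata version X.Y.Z RELEASE".
"""
import re

# Versions named in the 2.0.7 announcement.
FIXED_SURICATA = (2, 0, 7)   # fixes the DCERPC parser issue, CVE-2015-0928
FIXED_LIBHTP = (0, 5, 17)    # fixes the HTTP request-line parsing affecting http_uri

# Assumed banner format of `suricata -V` / `suricata --build-info`.
_BANNER_RE = re.compile(r"Suricata version (\d+)\.(\d+)\.(\d+)")
_VERSION_RE = re.compile(r"\s*(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from a dotted version string.

    Trailing tags such as 'RELEASE' or '-dev' are ignored.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError("unrecognised version string: %r" % (text,))
    return tuple(int(x) for x in m.groups())


def parse_banner(banner):
    """Extract the Suricata version tuple from a `suricata -V` style banner line."""
    m = _BANNER_RE.search(banner)
    if not m:
        raise ValueError("no Suricata version found in banner: %r" % (banner,))
    return tuple(int(x) for x in m.groups())


def assess(suricata_version, libhtp_version):
    """Return a list of announced issues still unfixed for the given versions.

    Versions are compared as integer tuples, not strings, so that 2.0.10
    correctly sorts after 2.0.7.
    """
    findings = []
    if parse_version(suricata_version) < FIXED_SURICATA:
        findings.append("CVE-2015-0928: DCERPC parser issue (fixed in Suricata 2.0.7)")
    if parse_version(libhtp_version) < FIXED_LIBHTP:
        findings.append("libhtp request-line parsing issue affecting http_uri "
                        "(fixed in libhtp 0.5.17, bundled with Suricata 2.0.7)")
    return findings


if __name__ == "__main__":
    # Constructed sample input standing in for `suricata -V` output and a
    # separately obtained libhtp version on an unpatched sensor.
    sample_banner = "This is Suricata version 2.0.6 RELEASE"
    sample_libhtp = "0.5.16"
    major, minor, patch = parse_banner(sample_banner)
    for finding in assess("%d.%d.%d" % (major, minor, patch), sample_libhtp):
        print("UNFIXED:", finding)
```

Integer-tuple comparison is the important detail: a lexical string comparison
would rank "2.0.10" below "2.0.7" and report a patched sensor as vulnerable.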

Special thanks

We'd like to thank the following people and corporations for their
contributions and feedback:

- The Yahoo Pentest Team
- Darien Huss -- Emerging Threats
- FireEye
- Dennis Lee

Known issues & missing features

If you encounter issues, please let us know! As always, we are doing our
best to make you aware of continuing development and items within the
engine that are not yet complete or optimal. With this in mind, please
notice the list we have included of known items we are working on. See
http://redmine.openinfosecfoundation.org/projects/suricata/issues for an
up-to-date list and to report new issues. See
http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues
for a discussion and timeline for the major issues.

About Suricata

Suricata is a high performance Network IDS, IPS and Network Security
Monitoring engine. Open Source and owned by a community run non-profit
foundation, the Open Information Security Foundation (OISF). Suricata is
developed by the OISF, its supporting vendors and the community.
-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------