[Oisf-users] SSH issue fixed in Suricata 2.0.4

Victor Julien victor at inliniac.net
Tue Sep 23 11:57:57 UTC 2014


In the just released 2.0.4 we fixed an SSH banner parsing issue that
could lead to a crash of Suricata.

The proper fix is to upgrade, but a workaround is to disable the SSH
parser in your yaml.

app-layer:
  protocols:
    tls:
      enabled: yes
      detection-ports:
        dp: 443

      #no-reassemble: yes
    dcerpc:
      enabled: yes
    ftp:
      enabled: yes
    ssh:
      enabled: no  # <- this disables the parser.

Alternatively, it can be set to 'detection-only', which means that
protocol detection is still enabled, but parsing isn't.

If you disable the parser, the ssh rule keywords and the ssh logging
won't work.

https://redmine.openinfosecfoundation.org/issues/1278


A new development version of the 2.1 series will be released next week
to address this issue there as well. The git master has already been fixed.

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
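
Added example, not part of the original message and not Suricata code: a small audit helper that reads the `app-layer.protocols.ssh.enabled` value from a suricata.yaml and classifies a sensor against the 2.0.4 fix and the two workaround values named above. The function names, the sample config and the choice to treat every x.y.z release below 2.0.4 (and a missing setting) as unmitigated are assumptions made here.

```python
import re

FIXED = (2, 0, 4)                      # release the announcement names as fixed
MITIGATED = {"no", "detection-only"}   # the two workaround values from the post

def ssh_parser_setting(yaml_text):
    """Return app-layer.protocols.ssh.enabled as a string, or None if absent.

    Minimal indentation walk (no YAML library); assumes block-style mappings
    and no '#' inside quoted values, as in a stock suricata.yaml.
    """
    want = ["app-layer", "protocols", "ssh", "enabled"]
    path = []                          # stack of (indent, key) we are nested in
    for raw in yaml_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()          # drop comments
        m = re.match(r"^(\s*)([\w-]+):\s*(.*)$", line)
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3).strip()
        while path and path[-1][0] >= indent:         # leave deeper/sibling keys
            path.pop()
        path.append((indent, key))
        if [k for _, k in path] == want:
            return value.strip("'\"").lower()
    return None

def assess(version, yaml_text):
    """Classify a sensor: 'fixed', 'mitigated', 'exposed' or 'check-manually'."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:              # e.g. 2.1 development builds; the post gives no number
        return "check-manually"
    if tuple(map(int, m.groups())) >= FIXED:
        return "fixed"
    return "mitigated" if ssh_parser_setting(yaml_text) in MITIGATED else "exposed"

# Constructed sample config (not taken from a real sensor).
SAMPLE = """\
%YAML 1.1
---
app-layer:
  protocols:
    tls:
      enabled: yes
    ssh:
      enabled: detection-only   # protocol detection only, no parsing
"""

if __name__ == "__main__":
    for ver in ("2.0.3", "2.0.4", "2.1beta1"):
        print(ver, assess(ver, SAMPLE))
```

A sensor reported as "mitigated" has lost the ssh rule keywords and ssh logging, so it should still be scheduled for the upgrade.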


