[Oisf-users] Suffering Simultaneous Suricata Segfaults

Cloherty, Sean E scloherty at mitre.org
Fri Oct 5 18:01:33 UTC 2018


I don't know if this is useful, but a friend helped me trace back through the source code from the line that Suricata faulted on:

ProcessMimeEntity  	called by util-decode-mime.c
util-decode-mime.c 	called by int MimeDecParseLine
MimeDecParseLine 	ONLY called by app-layer-smtp.c called by MimeDecParseLine
MimeDecParseLine 	called by SMTPProcessCommandDATA



-----Original Message-----
From: Oisf-users <oisf-users-bounces at lists.openinfosecfoundation.org> On Behalf Of Cloherty, Sean E
Sent: Tuesday, October 2, 2018 10:05 AM
To: lists at inliniac.net; Cooper F. Nelson <cnelson at ucsd.edu>; Greg Grasmehr <greg.grasmehr at caltech.edu>
Cc: oisf-users at lists.openinfosecfoundation.org
Subject: Re: [Oisf-users] Suffering Simultaneous Suricata Segfaults

I'll see what I can turn up.  May take a day or two.

-----Original Message-----
From: Oisf-users <oisf-users-bounces at lists.openinfosecfoundation.org> On Behalf Of Victor Julien
Sent: Saturday, September 29, 2018 3:54 AM
To: Cooper F. Nelson <cnelson at ucsd.edu>; Greg Grasmehr <greg.grasmehr at caltech.edu>
Cc: oisf-users at lists.openinfosecfoundation.org
Subject: Re: [Oisf-users] Suffering Simultaneous Suricata Segfaults

On 29-09-18 01:59, Cooper F. Nelson wrote:
> Bizarre, we had a segfault around the same time (also pacific time).

Since this code is only called from the SMTP parser, I suspect we have a case where an automated mail (likely spam) triggered this. Does anyone have full packet capture to see if we can get a pcap for this?

--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------

