Debian Bug report logs - #856649: suricata: CVE-2017-7177: IPv4 defrag evasion issue
Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Pierre Chifflier <pollux@debian.org>: Bug#856649; Package src:suricata. (Fri, 03 Mar 2017 09:48:07 GMT)
Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>: New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Pierre Chifflier <pollux@debian.org>. (Fri, 03 Mar 2017 09:48:07 GMT)
Message #5 received at submit@bugs.debian.org:
Source: suricata
Version: 2.0.7-2
Severity: important
Tags: patch upstream security
Forwarded: https://redmine.openinfosecfoundation.org/issues/2019
Details:
https://redmine.openinfosecfoundation.org/issues/2019
Fixed by:
https://github.com/inliniac/suricata/commit/4a04f814b15762eb446a5ead4d69d021512df6f8
(3.2.1)
No CVE assigned yet. Can you please update the bug once known.
Regards,
Salvatore
Marked as fixed in versions suricata/3.2.1-1~exp1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 03 Mar 2017 09:54:05 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Pierre Chifflier <pollux@debian.org>: Bug#856649; Package src:suricata. (Wed, 15 Mar 2017 07:39:03 GMT)
Acknowledgement sent to Chris Lamb <lamby@debian.org>: Extra info received and forwarded to list. Copy sent to Pierre Chifflier <pollux@debian.org>. (Wed, 15 Mar 2017 07:39:03 GMT)
Message #12 received at 856649@bugs.debian.org:
Hi,
> suricata: IPv4 defrag evasion issue
Any update with getting a CVE on this? :)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
Information forwarded to debian-bugs-dist@lists.debian.org, Pierre Chifflier <pollux@debian.org>: Bug#856649; Package src:suricata. (Wed, 15 Mar 2017 09:24:02 GMT)
Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>: Extra info received and forwarded to list. Copy sent to Pierre Chifflier <pollux@debian.org>. (Wed, 15 Mar 2017 09:24:03 GMT)
Message #17 received at 856649@bugs.debian.org:
Hello Chris,
On Wed, Mar 15, 2017 at 07:36:26AM +0000, Chris Lamb wrote:
> Hi,
>
> > suricata: IPv4 defrag evasion issue
>
> Any update with getting a CVE on this? :)
No, unfortunately we haven't heard back yet.
Regards,
Salvatore
Information forwarded to debian-bugs-dist@lists.debian.org, Pierre Chifflier <pollux@debian.org>: Bug#856649; Package src:suricata. (Sun, 19 Mar 2017 19:24:02 GMT)
Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>: Extra info received and forwarded to list. Copy sent to Pierre Chifflier <pollux@debian.org>. (Sun, 19 Mar 2017 19:24:02 GMT)
Message #22 received at 856649@bugs.debian.org:
Control: retitle -1 suricata: CVE-2017-7177: IPv4 defrag evasion issue
On Wed, Mar 15, 2017 at 07:36:26AM +0000, Chris Lamb wrote:
> Hi,
>
> > suricata: IPv4 defrag evasion issue
>
> Any update with getting a CVE on this? :)
It's CVE-2017-7177. I have updated the security-tracker.
Regards,
Salvatore
Changed Bug title to 'suricata: CVE-2017-7177: IPv4 defrag evasion issue' from 'suricata: IPv4 defrag evasion issue'. Request was from Salvatore Bonaccorso <carnil@debian.org> to 856649-submit@bugs.debian.org. (Sun, 19 Mar 2017 19:24:03 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Pierre Chifflier <pollux@debian.org>: Bug#856649; Package src:suricata. (Mon, 20 Mar 2017 13:33:03 GMT)
Acknowledgement sent to Arturo Borrero Gonzalez <arturo@debian.org>: Extra info received and forwarded to list. Copy sent to Pierre Chifflier <pollux@debian.org>. (Mon, 20 Mar 2017 13:33:03 GMT)
Message #29 received at 856649@bugs.debian.org:
On 19 March 2017 at 20:22, Salvatore Bonaccorso <carnil@debian.org> wrote:
>
> It's CVE-2017-7177. I have updated the security-tracker.
>
Yes, thanks Salvatore. All seems right.
The upload with the fix is in unstable, on its way to stretch.
I would like to ask: what are your plans regarding wheezy?
Information forwarded to debian-bugs-dist@lists.debian.org, Pierre Chifflier <pollux@debian.org>: Bug#856649; Package src:suricata. (Mon, 20 Mar 2017 16:39:06 GMT)
Acknowledgement sent to Chris Lamb <lamby@debian.org>: Extra info received and forwarded to list. Copy sent to Pierre Chifflier <pollux@debian.org>. (Mon, 20 Mar 2017 16:39:06 GMT)
Message #34 received at 856649@bugs.debian.org:
Hi Arturo,
> I would like to ask, What are your plans regarding wheezy?
Just jumping in here as I just had a look at backporting this patch. I
think there might be some issues with the upstream patch anyway, e.g.:
https://github.com/inliniac/suricata/commit/4a04f814b15762eb446a5ead4d69d021512df6f8#commitcomment-21401303
Apart from that, how about:
--- suricata-1.2.1.orig/src/defrag.c
+++ suricata-1.2.1/src/defrag.c
@@ -174,6 +174,8 @@ typedef struct DefragTracker_ {
uint32_t id; /**< IP ID for this tracker. 32 bits for IPv6, 16
* for IPv4. */
+ uint8_t proto; /**< IP protocol for this tracker. */
+
uint8_t policy; /**< Reassembly policy this tracker will use. */
uint8_t af; /**< Address family for this tracker, AF_INET or
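Review bot: the new proto field only reaches DefragHashCompare in this patch; nothing in the diff mixes it into whatever hash function feeds the tracker table (not shown here), so trackers that differ only in protocol still land in the same bucket. Matching stays correct because the compare in the next hunk rejects them, but if that hash already covers src_addr, dst_addr and id, folding proto in keeps lookups from walking a longer chain for no gain. The field comment could also say where the value comes from (the IP header's protocol field, via IP_GET_IPPROTO), matching how it is populated in DefragGetTracker below.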
@@ -268,6 +270,8 @@ DefragHashCompare(void *a, uint16_t a_le
return 0;
else if (!CMP_ADDR(&dta->dst_addr, &dtb->dst_addr))
return 0;
+ else if (dta->proto != dtb->proto)
+ return 0;
/* Match. */
return 1;
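Review bot: this proto compare is the check that actually closes the evasion, so it belongs in DefragHashCompare, but it would short-circuit earlier placed before the two CMP_ADDR comparisons: a one-byte inequality is the cheapest test, and it is the one most likely to differ once an attacker deliberately reuses src/dst/id across protocols. Suggest `if (dta->proto != dtb->proto) return 0;` as the first test in the function, leaving the address compares after it.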
@@ -1140,6 +1144,7 @@ DefragGetTracker(ThreadVars *tv, DecodeT
DefragTrackerReset(tracker);
tracker->af = lookup_key->af;
tracker->id = lookup_key->id;
+ tracker->proto = IP_GET_IPPROTO(p);
tracker->src_addr = lookup_key->src_addr;
tracker->dst_addr = lookup_key->dst_addr;
tracker->policy = DefragGetOsPolicy(p);
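Review bot: the new tracker takes proto from the packet (IP_GET_IPPROTO(p)) while af, id, src_addr and dst_addr are copied from lookup_key, and nothing in this diff sets lookup_key->proto. DefragHashCompare now compares dta->proto against dtb->proto, so unless the caller that fills in the lookup key is updated as well, the key's proto is whatever the caller left there (zero if the key is zero-initialised, garbage otherwise), existing trackers never match, and every fragment gets a fresh tracker. Set lookup_key->proto = IP_GET_IPPROTO(p) next to the other key fields, and copy it here as `tracker->proto = lookup_key->proto;` so both sides of the compare come from the same source.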
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
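The bug class this thread is fixing, as an added example that is not Suricata's code and not part of the original report: a toy IPv4 reassembler in Python that can be keyed either the vulnerable way, on (src, dst, IP ID) only, or the way an RFC 791 receiver does it, on (src, dst, IP ID, protocol). With the first keying, a UDP fragment that reuses the IP ID of an in-flight TCP datagram completes the IDS's tracker with a benign tail and flushes it, so the real TCP tail that arrives afterwards has no first fragment to join and the request the host actually sees is never inspected. The addresses, IP ID and payloads are constructed for the demonstration, and `build_fragment`, `parse_fragment`, `Reassembler` and `run` are names chosen for this example.

```python
"""Toy IPv4 defragmenter demonstrating the CVE-2017-7177 bug class.

Added example, not Suricata code.  A defrag tracker keyed on
(src, dst, IP ID) without the IP protocol field merges fragments that
the receiving host keeps apart, so an attacker can feed the IDS a benign
datagram and the host a different one.  All packets are constructed here.
"""
import socket
import struct

IPV4_HDR = "!BBHHHBBH4s4s"   # 20-byte header, no options, checksum left zero
MF_FLAG = 0x2000              # "more fragments" bit
OFFSET_MASK = 0x1FFF          # fragment offset, in 8-byte units


def build_fragment(src, dst, proto, ip_id, offset, more_fragments, payload):
    """Return one raw IPv4 fragment.  offset is in bytes (multiple of 8)."""
    if offset % 8 or (more_fragments and len(payload) % 8):
        raise ValueError("non-final fragments must be 8-byte aligned")
    flags_frag = (MF_FLAG if more_fragments else 0) | (offset // 8)
    hdr = struct.pack(IPV4_HDR, 0x45, 0, 20 + len(payload), ip_id, flags_frag,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


def parse_fragment(pkt):
    """Pull the fields a defragmenter needs out of a raw IPv4 packet."""
    (ver_ihl, _tos, total_len, ip_id, flags_frag, _ttl, proto, _csum,
     src, dst) = struct.unpack(IPV4_HDR, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "proto": proto, "id": ip_id,
        "mf": bool(flags_frag & MF_FLAG),
        "offset": (flags_frag & OFFSET_MASK) * 8,
        "payload": pkt[ihl:total_len],
    }


class Reassembler:
    """Minimal tracker table; overlap handling and timeouts are out of scope."""

    def __init__(self, key_on_proto):
        self.key_on_proto = key_on_proto   # False reproduces the bug
        self.trackers = {}

    def _key(self, frag):
        key = (frag["src"], frag["dst"], frag["id"])
        return key + (frag["proto"],) if self.key_on_proto else key

    def feed(self, pkt):
        """Add one fragment; return the datagram payload once it is complete."""
        frag = parse_fragment(pkt)
        key = self._key(frag)
        tracker = self.trackers.setdefault(key, {"frags": {}, "end": None})
        tracker["frags"][frag["offset"]] = frag["payload"]
        if not frag["mf"]:
            tracker["end"] = frag["offset"] + len(frag["payload"])
        if tracker["end"] is None:
            return None
        pos, chunks = 0, []
        while pos < tracker["end"]:
            chunk = tracker["frags"].get(pos)
            if chunk is None:       # hole: still waiting for a fragment
                return None
            chunks.append(chunk)
            pos += len(chunk)
        del self.trackers[key]      # tracker is flushed once complete
        return b"".join(chunks)


def run(key_on_proto):
    """Feed the attacker's fragment sequence; return what got reassembled."""
    src, dst, ip_id = "192.0.2.10", "192.0.2.20", 0x1234   # constructed values
    tcp, udp = 6, 17
    sequence = [
        # 1. first half of the real TCP request
        build_fragment(src, dst, tcp, ip_id, 0, True, b"GET /cgi-bin/abc"),
        # 2. decoy tail: same src/dst/ID but UDP, so the host keeps it apart
        build_fragment(src, dst, udp, ip_id, 16, False, b" HTTP/1.0\r\n\r\n"),
        # 3. real tail of the TCP request, arriving after the decoy
        build_fragment(src, dst, tcp, ip_id, 16, False,
                       b"/../../etc/passwd HTTP/1.0\r\n\r\n"),
    ]
    reassembler = Reassembler(key_on_proto)
    return [out for out in map(reassembler.feed, sequence) if out is not None]
```

`run(False)` yields only the benign-looking `GET /cgi-bin/abc HTTP/1.0` datagram, which is all a protocol-blind defragmenter ever inspects; `run(True)` yields the traversal request the host reassembles, because the UDP decoy sits in its own tracker and never completes. The same asymmetry between what the sensor reassembles and what the endpoint reassembles is what the proto field added to the tracker in the patch above removes.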
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified: Wed Jun 19 19:22:47 2019