Related Vulnerabilities: CVE-2017-7177

Source

Debian Bug report logs - #856649
suricata: CVE-2017-7177: IPv4 defrag evasion issue

Package: src:suricata; Maintainer for src:suricata is Pierre Chifflier <pollux@debian.org>;

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Fri, 3 Mar 2017 09:48:04 UTC

Severity: important

Tags: patch, security, upstream

Found in version suricata/2.0.7-2

Fixed in version suricata/3.2.1-1~exp1

Forwarded to https://redmine.openinfosecfoundation.org/issues/2019

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Pierre Chifflier <pollux@debian.org>:
Bug#856649; Package src:suricata. (Fri, 03 Mar 2017 09:48:07 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Pierre Chifflier <pollux@debian.org>. (Fri, 03 Mar 2017 09:48:07 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Source: suricata
Version: 2.0.7-2
Severity: important
Tags: patch upstream security
Forwarded: https://redmine.openinfosecfoundation.org/issues/2019

Details:

https://redmine.openinfosecfoundation.org/issues/2019
Fixed by:
https://github.com/inliniac/suricata/commit/4a04f814b15762eb446a5ead4d69d021512df6f8
(3.2.1)

No CVE assigned yet. Can you please update the bug once known.

Regards,
Salvatore

Marked as fixed in versions suricata/3.2.1-1~exp1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 03 Mar 2017 09:54:05 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Pierre Chifflier <pollux@debian.org>:
Bug#856649; Package src:suricata. (Wed, 15 Mar 2017 07:39:03 GMT) (full text, mbox, link).

Acknowledgement sent to Chris Lamb <lamby@debian.org>:
Extra info received and forwarded to list. Copy sent to Pierre Chifflier <pollux@debian.org>. (Wed, 15 Mar 2017 07:39:03 GMT) (full text, mbox, link).

Message #12 received at 856649@bugs.debian.org (full text, mbox, reply):

Hi,

> suricata: IPv4 defrag evasion issue

Any update with getting a CVE on this? :)


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

Information forwarded to debian-bugs-dist@lists.debian.org, Pierre Chifflier <pollux@debian.org>:
Bug#856649; Package src:suricata. (Wed, 15 Mar 2017 09:24:02 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Pierre Chifflier <pollux@debian.org>. (Wed, 15 Mar 2017 09:24:03 GMT) (full text, mbox, link).

Message #17 received at 856649@bugs.debian.org (full text, mbox, reply):

Hello Chris,

On Wed, Mar 15, 2017 at 07:36:26AM +0000, Chris Lamb wrote:
> Hi,
> 
> > suricata: IPv4 defrag evasion issue
> 
> Any update with getting a CVE on this? :)

No, unfortuantely we haven't heard back yet.

Regards,
Salvatore

Information forwarded to debian-bugs-dist@lists.debian.org, Pierre Chifflier <pollux@debian.org>:
Bug#856649; Package src:suricata. (Sun, 19 Mar 2017 19:24:02 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Pierre Chifflier <pollux@debian.org>. (Sun, 19 Mar 2017 19:24:02 GMT) (full text, mbox, link).

Message #22 received at 856649@bugs.debian.org (full text, mbox, reply):

Control: retitle -1 suricata: CVE-2017-7177: IPv4 defrag evasion issue

On Wed, Mar 15, 2017 at 07:36:26AM +0000, Chris Lamb wrote:
> Hi,
> 
> > suricata: IPv4 defrag evasion issue
> 
> Any update with getting a CVE on this? :)

It's CVE-2017-7177. I have updated the security-tracker.

Regards,
Salvatore

Changed Bug title to 'suricata: CVE-2017-7177: IPv4 defrag evasion issue' from 'suricata: IPv4 defrag evasion issue'. Request was from Salvatore Bonaccorso <carnil@debian.org> to 856649-submit@bugs.debian.org. (Sun, 19 Mar 2017 19:24:03 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Pierre Chifflier <pollux@debian.org>:
Bug#856649; Package src:suricata. (Mon, 20 Mar 2017 13:33:03 GMT) (full text, mbox, link).

Acknowledgement sent to Arturo Borrero Gonzalez <arturo@debian.org>:
Extra info received and forwarded to list. Copy sent to Pierre Chifflier <pollux@debian.org>. (Mon, 20 Mar 2017 13:33:03 GMT) (full text, mbox, link).

Message #29 received at 856649@bugs.debian.org (full text, mbox, reply):

On 19 March 2017 at 20:22, Salvatore Bonaccorso <carnil@debian.org> wrote:
>
> It's CVE-2017-7177. I have updated the security-tracker.
>

Yes, thanks Salvatore. All seems right.

The upload with the fix is in unstable, in his way for stretch.

I would like to ask, What are your plans regarding wheezy?

Information forwarded to debian-bugs-dist@lists.debian.org, Pierre Chifflier <pollux@debian.org>:
Bug#856649; Package src:suricata. (Mon, 20 Mar 2017 16:39:06 GMT) (full text, mbox, link).

Acknowledgement sent to Chris Lamb <lamby@debian.org>:
Extra info received and forwarded to list. Copy sent to Pierre Chifflier <pollux@debian.org>. (Mon, 20 Mar 2017 16:39:06 GMT) (full text, mbox, link).

Message #34 received at 856649@bugs.debian.org (full text, mbox, reply):

Hi Arturo,

> I would like to ask, What are your plans regarding wheezy?

Just jumping in here as I just had a look at backporting this patch. I
think there might be some issues with the upstream patch anyway, eg.:

 https://github.com/inliniac/suricata/commit/4a04f814b15762eb446a5ead4d69d021512df6f8#commitcomment-21401303

Apart from that, how about:

    --- suricata-1.2.1.orig/src/defrag.c
    +++ suricata-1.2.1/src/defrag.c
    @@ -174,6 +174,8 @@ typedef struct DefragTracker_ {
         uint32_t id; /**< IP ID for this tracker.  32 bits for IPv6, 16
                       * for IPv4. */
     
    +    uint8_t proto; /**< IP protocol for this tracker. */
    +
         uint8_t policy; /**< Reassembly policy this tracker will use. */
     
         uint8_t af; /**< Address family for this tracker, AF_INET or
    @@ -268,6 +270,8 @@ DefragHashCompare(void *a, uint16_t a_le
             return 0;
         else if (!CMP_ADDR(&dta->dst_addr, &dtb->dst_addr))
             return 0;
    +    else if (dta->proto != dtb->proto)
    +        return 0;
     
         /* Match. */
         return 1;
    @@ -1140,6 +1144,7 @@ DefragGetTracker(ThreadVars *tv, DecodeT
             DefragTrackerReset(tracker);
             tracker->af = lookup_key->af;
             tracker->id = lookup_key->id;
    +        tracker->proto = IP_GET_IPPROTO(p);
             tracker->src_addr = lookup_key->src_addr;
             tracker->dst_addr = lookup_key->dst_addr;
             tracker->policy = DefragGetOsPolicy(p);



Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:22:47 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

suricata: CVE-2017-7177: IPv4 defrag evasion issue

Debian Bug report logs - #856649
suricata: CVE-2017-7177: IPv4 defrag evasion issue

Vulmon Search

About

Products

Connect

suricata: CVE-2017-7177: IPv4 defrag evasion issue

Debian Bug report logs - #856649 suricata: CVE-2017-7177: IPv4 defrag evasion issue

Vulmon Search

About

Products

Connect

Debian Bug report logs - #856649
suricata: CVE-2017-7177: IPv4 defrag evasion issue