Bug#856649: suricata: IPv4 defrag evasion issue

2023-04-10 Thread Salvatore Bonaccorso 
Source: suricata
Source-Version: 3.2.1-1~exp1

Hi Sascha,

On Mon, Apr 10, 2023 at 11:11:12PM +0200, Sascha Steinbiss wrote:
> Hi Salvatore,
> 
> > > (re: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856649)
> > > 
> > > Can we just close this bug? This has been addressed for years, and I am 
> > > not
> > > sure we need to keep these open forever.
> > 
> > Can you pin point the upstream version where this was fixed?
> 
> Sure, you did so yourself in your original bug report from 2017 [1] :)
> It's upstream version 3.2.1, which is confirmed by the tags listed in the
> commit on GitHub and the target version of the fix in upstream's Redmine.
> That version was uploaded to unstable later in March 2017 [2].

Wow that is embarassing :-(. Yes let's close this bug. Metadata was
already tracking it correctly, but there is no point in keeping the
bug open.

Thanks for prodding again.

Regards,
Salvatore

Bug#856649: suricata: IPv4 defrag evasion issue

2023-04-10 Thread Sascha Steinbiss 

Hi Salvatore,


(re: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856649)

Can we just close this bug? This has been addressed for years, and I am not
sure we need to keep these open forever.


Can you pin point the upstream version where this was fixed?


Sure, you did so yourself in your original bug report from 2017 [1] :)
It's upstream version 3.2.1, which is confirmed by the tags listed in 
the commit on GitHub and the target version of the fix in upstream's 
Redmine. That version was uploaded to unstable later in March 2017 [2].


Just FYI: we're at 6.0.10 now.

Best regards
Sascha

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856649#5
[2] 
https://tracker.debian.org/news/841144/accepted-suricata-321-1-source-into-unstable/


OpenPGP_signature
Description: OpenPGP digital signature

Bug#856649: suricata: IPv4 defrag evasion issue

2023-04-10 Thread Salvatore Bonaccorso 
Hi,

On Sun, Apr 09, 2023 at 01:16:34PM +0200, Sascha Steinbiss wrote:
> Hi,
> 
> (re: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856649)
> 
> Can we just close this bug? This has been addressed for years, and I am not
> sure we need to keep these open forever.

Can you pin point the upstream version where this was fixed?

Regards,
Salvatore

Bug#856649: suricata: IPv4 defrag evasion issue

2023-04-09 Thread Sascha Steinbiss 

Hi,

(re: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856649)

Can we just close this bug? This has been addressed for years, and I am 
not sure we need to keep these open forever.


Thanks and best regards
Sascha


OpenPGP_signature
Description: OpenPGP digital signature

Bug#856649: suricata: IPv4 defrag evasion issue

2017-03-20 Thread Chris Lamb 
Hi Arturo,

> I would like to ask, What are your plans regarding wheezy?

Just jumping in here as I just had a look at backporting this patch. I
think there might be some issues with the upstream patch anyway, eg.:

 
https://github.com/inliniac/suricata/commit/4a04f814b15762eb446a5ead4d69d021512df6f8#commitcomment-21401303

Apart from that, how about:

--- suricata-1.2.1.orig/src/defrag.c
+++ suricata-1.2.1/src/defrag.c
@@ -174,6 +174,8 @@ typedef struct DefragTracker_ {
 uint32_t id; /**< IP ID for this tracker.  32 bits for IPv6, 16
   * for IPv4. */
 
+uint8_t proto; /**< IP protocol for this tracker. */
+
 uint8_t policy; /**< Reassembly policy this tracker will use. */
 
 uint8_t af; /**< Address family for this tracker, AF_INET or
@@ -268,6 +270,8 @@ DefragHashCompare(void *a, uint16_t a_le
 return 0;
 else if (!CMP_ADDR(>dst_addr, >dst_addr))
 return 0;
+else if (dta->proto != dtb->proto)
+return 0;
 
 /* Match. */
 return 1;
@@ -1140,6 +1144,7 @@ DefragGetTracker(ThreadVars *tv, DecodeT
 DefragTrackerReset(tracker);
 tracker->af = lookup_key->af;
 tracker->id = lookup_key->id;
+tracker->proto = IP_GET_IPPROTO(p);
 tracker->src_addr = lookup_key->src_addr;
 tracker->dst_addr = lookup_key->dst_addr;
 tracker->policy = DefragGetOsPolicy(p);



Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#856649: suricata: IPv4 defrag evasion issue

2017-03-20 Thread Arturo Borrero Gonzalez 
On 19 March 2017 at 20:22, Salvatore Bonaccorso  wrote:
>
> It's CVE-2017-7177. I have updated the security-tracker.
>

Yes, thanks Salvatore. All seems right.

The upload with the fix is in unstable, in his way for stretch.

I would like to ask, What are your plans regarding wheezy?

Bug#856649: suricata: IPv4 defrag evasion issue

2017-03-19 Thread Salvatore Bonaccorso 
Control: retitle -1 suricata: CVE-2017-7177: IPv4 defrag evasion issue

On Wed, Mar 15, 2017 at 07:36:26AM +, Chris Lamb wrote:
> Hi,
> 
> > suricata: IPv4 defrag evasion issue
> 
> Any update with getting a CVE on this? :)

It's CVE-2017-7177. I have updated the security-tracker.

Regards,
Salvatore

Bug#856649: suricata: IPv4 defrag evasion issue

2017-03-15 Thread Salvatore Bonaccorso 
Hello Chris,

On Wed, Mar 15, 2017 at 07:36:26AM +, Chris Lamb wrote:
> Hi,
> 
> > suricata: IPv4 defrag evasion issue
> 
> Any update with getting a CVE on this? :)

No, unfortuantely we haven't heard back yet.

Regards,
Salvatore

Bug#856649: suricata: IPv4 defrag evasion issue

2017-03-15 Thread Chris Lamb 
Hi,

> suricata: IPv4 defrag evasion issue

Any update with getting a CVE on this? :)


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#856649: suricata: IPv4 defrag evasion issue

2017-03-03 Thread Salvatore Bonaccorso 
Source: suricata
Version: 2.0.7-2
Severity: important
Tags: patch upstream security
Forwarded: https://redmine.openinfosecfoundation.org/issues/2019

Details:

https://redmine.openinfosecfoundation.org/issues/2019
Fixed by:
https://github.com/inliniac/suricata/commit/4a04f814b15762eb446a5ead4d69d021512df6f8
(3.2.1)

No CVE assigned yet. Can you please update the bug once known.

Regards,
Salvatore