Bug#856649: suricata: IPv4 defrag evasion issue
Source: suricata Source-Version: 3.2.1-1~exp1 Hi Sascha, On Mon, Apr 10, 2023 at 11:11:12PM +0200, Sascha Steinbiss wrote: > Hi Salvatore, > > > > (re: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856649) > > > > > > Can we just close this bug? This has been addressed for years, and I am > > > not > > > sure we need to keep these open forever. > > > > Can you pin point the upstream version where this was fixed? > > Sure, you did so yourself in your original bug report from 2017 [1] :) > It's upstream version 3.2.1, which is confirmed by the tags listed in the > commit on GitHub and the target version of the fix in upstream's Redmine. > That version was uploaded to unstable later in March 2017 [2]. Wow that is embarassing :-(. Yes let's close this bug. Metadata was already tracking it correctly, but there is no point in keeping the bug open. Thanks for prodding again. Regards, Salvatore
Bug#856649: suricata: IPv4 defrag evasion issue
Hi Salvatore, (re: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856649) Can we just close this bug? This has been addressed for years, and I am not sure we need to keep these open forever. Can you pin point the upstream version where this was fixed? Sure, you did so yourself in your original bug report from 2017 [1] :) It's upstream version 3.2.1, which is confirmed by the tags listed in the commit on GitHub and the target version of the fix in upstream's Redmine. That version was uploaded to unstable later in March 2017 [2]. Just FYI: we're at 6.0.10 now. Best regards Sascha [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856649#5 [2] https://tracker.debian.org/news/841144/accepted-suricata-321-1-source-into-unstable/ OpenPGP_signature Description: OpenPGP digital signature
Bug#856649: suricata: IPv4 defrag evasion issue
Hi, On Sun, Apr 09, 2023 at 01:16:34PM +0200, Sascha Steinbiss wrote: > Hi, > > (re: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856649) > > Can we just close this bug? This has been addressed for years, and I am not > sure we need to keep these open forever. Can you pin point the upstream version where this was fixed? Regards, Salvatore
Bug#856649: suricata: IPv4 defrag evasion issue
Hi, (re: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856649) Can we just close this bug? This has been addressed for years, and I am not sure we need to keep these open forever. Thanks and best regards Sascha OpenPGP_signature Description: OpenPGP digital signature
Bug#856649: suricata: IPv4 defrag evasion issue
Hi Arturo, > I would like to ask, What are your plans regarding wheezy? Just jumping in here as I just had a look at backporting this patch. I think there might be some issues with the upstream patch anyway, eg.: https://github.com/inliniac/suricata/commit/4a04f814b15762eb446a5ead4d69d021512df6f8#commitcomment-21401303 Apart from that, how about: --- suricata-1.2.1.orig/src/defrag.c +++ suricata-1.2.1/src/defrag.c @@ -174,6 +174,8 @@ typedef struct DefragTracker_ { uint32_t id; /**< IP ID for this tracker. 32 bits for IPv6, 16 * for IPv4. */ +uint8_t proto; /**< IP protocol for this tracker. */ + uint8_t policy; /**< Reassembly policy this tracker will use. */ uint8_t af; /**< Address family for this tracker, AF_INET or @@ -268,6 +270,8 @@ DefragHashCompare(void *a, uint16_t a_le return 0; else if (!CMP_ADDR(>dst_addr, >dst_addr)) return 0; +else if (dta->proto != dtb->proto) +return 0; /* Match. */ return 1; @@ -1140,6 +1144,7 @@ DefragGetTracker(ThreadVars *tv, DecodeT DefragTrackerReset(tracker); tracker->af = lookup_key->af; tracker->id = lookup_key->id; +tracker->proto = IP_GET_IPPROTO(p); tracker->src_addr = lookup_key->src_addr; tracker->dst_addr = lookup_key->dst_addr; tracker->policy = DefragGetOsPolicy(p); Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Bug#856649: suricata: IPv4 defrag evasion issue
On 19 March 2017 at 20:22, Salvatore Bonaccorsowrote: > > It's CVE-2017-7177. I have updated the security-tracker. > Yes, thanks Salvatore. All seems right. The upload with the fix is in unstable, in his way for stretch. I would like to ask, What are your plans regarding wheezy?
Bug#856649: suricata: IPv4 defrag evasion issue
Control: retitle -1 suricata: CVE-2017-7177: IPv4 defrag evasion issue On Wed, Mar 15, 2017 at 07:36:26AM +, Chris Lamb wrote: > Hi, > > > suricata: IPv4 defrag evasion issue > > Any update with getting a CVE on this? :) It's CVE-2017-7177. I have updated the security-tracker. Regards, Salvatore
Bug#856649: suricata: IPv4 defrag evasion issue
Hello Chris, On Wed, Mar 15, 2017 at 07:36:26AM +, Chris Lamb wrote: > Hi, > > > suricata: IPv4 defrag evasion issue > > Any update with getting a CVE on this? :) No, unfortuantely we haven't heard back yet. Regards, Salvatore
Bug#856649: suricata: IPv4 defrag evasion issue
Hi, > suricata: IPv4 defrag evasion issue Any update with getting a CVE on this? :) Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Bug#856649: suricata: IPv4 defrag evasion issue
Source: suricata Version: 2.0.7-2 Severity: important Tags: patch upstream security Forwarded: https://redmine.openinfosecfoundation.org/issues/2019 Details: https://redmine.openinfosecfoundation.org/issues/2019 Fixed by: https://github.com/inliniac/suricata/commit/4a04f814b15762eb446a5ead4d69d021512df6f8 (3.2.1) No CVE assigned yet. Can you please update the bug once known. Regards, Salvatore