Bug #6080

closed

pgsql/probe: TCP on 5432 traffic incorrectly tagged as PGSQL

Added by Juliana Fajardini Reichow over 1 year ago. Updated about 1 year ago.

Status: Closed
Priority: Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

https://github.com/OISF/suricata/pull/8892#issuecomment-1552379497 shows Suricata incorrectly tagging 5432 over TCP traffic as PGSQL.
The traffic itself doesn't show PGSQL characteristics.

Pcap was shared privately as it's tlp-red.


Subtasks 1 (0 open, 1 closed)

Bug #6508: pgsql/probe: TCP on 5432 traffic incorrectly tagged as PGSQL (7.0.x backport) (Closed, Juliana Fajardini Reichow)

Related issues 1 (0 open, 1 closed)

Related to Suricata - Security #6411: pgsql: quadratic complexity leads to over consumption of memory (Closed, Philippe Antoine)

Actions #1

Updated by Victor Julien over 1 year ago

  • Priority changed from Normal to Low
Actions #2

Updated by Juliana Fajardini Reichow over 1 year ago

  • Status changed from New to Assigned
Actions #3

Updated by Juliana Fajardini Reichow over 1 year ago

  • Target version changed from 7.0.0-rc2 to 7.0.0
Actions #4

Updated by Victor Julien over 1 year ago

  • Target version changed from 7.0.0 to 8.0.0-beta1
Actions #5

Updated by Victor Julien over 1 year ago

  • Priority changed from Low to Normal
Actions #6

Updated by Philippe Antoine about 1 year ago

  • Label Needs backport to 7.0 added
Actions #7

Updated by Philippe Antoine about 1 year ago

  • Related to Security #6411: pgsql: quadratic complexity leads to over consumption of memory added
Actions #8

Updated by Philippe Antoine about 1 year ago

Fix is:
- in case parser::pgsql_parse_response(input).is_ok() also check that this is not PgsqlBEMessage::UnknownMessageType
- also deduplicate header parsing (identifier, and length) so that it is also used for this unknown type (that is https://gitlab.oisf.net/dev/suricata/-/merge_requests/676/diffs?commit_id=123f35b2d4785794f25a1b7e28e8b633269d76cb)
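
The probe change described in the comment above, as an added Rust example that is not part of the original comment and is not Suricata's code. The type and function names (BeMessage, parse_header, parse_response, probe_before, probe_after) are simplified, hypothetical stand-ins, and the sample byte strings are constructed.

```rust
// Added illustration with hypothetical names, not Suricata's code. Message layout:
// 1-byte identifier, 4-byte big-endian length (counts itself, not the identifier), payload.

#[allow(dead_code)] // fields are carried for illustration only
#[derive(Debug)]
enum BeMessage {
    Known { identifier: u8, length: u32 },
    UnknownMessageType { identifier: u8, length: u32 },
}

// Single header parser (identifier + length) shared by known and unknown types.
fn parse_header(input: &[u8]) -> Result<(u8, u32), &'static str> {
    if input.len() < 5 {
        return Err("short header");
    }
    let length = u32::from_be_bytes([input[1], input[2], input[3], input[4]]);
    if length < 4 || (length as usize) > input.len() - 1 {
        return Err("bad length");
    }
    Ok((input[0], length))
}

// Permissive parser: any identifier it does not recognise still parses "ok".
fn parse_response(input: &[u8]) -> Result<BeMessage, &'static str> {
    let (identifier, length) = parse_header(input)?;
    Ok(match identifier {
        // Subset of real backend identifiers (ReadyForQuery, ErrorResponse, ...).
        b'R' | b'S' | b'K' | b'Z' | b'E' | b'N' | b'T' | b'D' | b'C' => {
            BeMessage::Known { identifier, length }
        }
        _ => BeMessage::UnknownMessageType { identifier, length },
    })
}

// Probe before the fix: is_ok() alone accepts the unknown-type fallback.
fn probe_before(input: &[u8]) -> bool {
    parse_response(input).is_ok()
}

// Probe after the fix: a successful parse must also not be UnknownMessageType.
fn probe_after(input: &[u8]) -> bool {
    matches!(parse_response(input), Ok(BeMessage::Known { .. }))
}

fn main() {
    let ready = b"Z\x00\x00\x00\x05I"; // constructed ReadyForQuery message
    let other = b"\x01\x00\x00\x00\x08ABCD"; // constructed non-PGSQL bytes
    println!("{} {} {} {}", probe_before(ready), probe_after(ready), probe_before(other), probe_after(other));
}
```

With the constructed inputs, the non-PGSQL bytes pass the first probe only because the length field happens to be plausible; the second probe rejects them while still accepting the ReadyForQuery message.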

Actions #9

Updated by OISF Ticketbot about 1 year ago

  • Subtask #6508 added
Actions #10

Updated by OISF Ticketbot about 1 year ago

  • Label deleted (Needs backport to 7.0)
Actions #11

Updated by Juliana Fajardini Reichow about 1 year ago

  • Status changed from Assigned to In Review
Actions #12

Updated by Juliana Fajardini Reichow about 1 year ago

  • Status changed from In Review to Resolved
Actions #13

Updated by Juliana Fajardini Reichow about 1 year ago

  • Status changed from Resolved to Closed