Project

General

Profile

Actions
Copy link

Bug #6080

closed
JF JF

pgsql/probe: TCP on 5432 traffic incorrectly tagged as PGSQL

Bug #6080: pgsql/probe: TCP on 5432 traffic incorrectly tagged as PGSQL

Added by Juliana Fajardini Reichow almost 3 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Juliana Fajardini Reichow
Target version:
8.0.0-beta1
Affected Versions:
git main
Effort:
Difficulty:
Label:

Description

https://github.com/OISF/suricata/pull/8892#issuecomment-1552379497 shows Suricata incorrectly tagging 5432 over TCP traffic as PGSQL.
The traffic itself doesn't show PGSQL characteristics.

Pcap was shared privately as it's tlp-red.

Subtasks 1 (0 open1 closed)

Bug #6508: pgsql/probe: TCP on 5432 traffic incorrectly tagged as PGSQL (7.0.x backport)ClosedJuliana Fajardini ReichowActions

Related issues 1 (0 open1 closed)

Related to Suricata - Security #6411: pgsql: quadratic complexity leads to over consumption of memoryClosedPhilippe AntoineActions

VJ Updated by Victor Julien almost 3 years ago Actions
Copy link
 #1

  • Priority changed from Normal to Low

JF Updated by Juliana Fajardini Reichow almost 3 years ago Actions
Copy link
 #2

  • Status changed from New to Assigned

JF Updated by Juliana Fajardini Reichow almost 3 years ago Actions
Copy link
 #3

  • Target version changed from 7.0.0-rc2 to 7.0.0

VJ Updated by Victor Julien over 2 years ago Actions
Copy link
 #4

  • Target version changed from 7.0.0 to 8.0.0-beta1

VJ Updated by Victor Julien over 2 years ago Actions
Copy link
 #5

  • Priority changed from Low to Normal

PA Updated by Philippe Antoine over 2 years ago Actions
Copy link
 #6

  • Label Needs backport to 7.0 added

PA Updated by Philippe Antoine over 2 years ago Actions
Copy link
 #7

  • Related to Security #6411: pgsql: quadratic complexity leads to over consumption of memory added

PA Updated by Philippe Antoine over 2 years ago Actions
Copy link
 #8

Fix is
- in case parser::pgsql_parse_response(input).is_ok() also check that this is not PgsqlBEMessage::UnknownMessageType
- also deduplicate header parsing (identifier, and length) so that it is also used for this unknown type (that is https://gitlab.oisf.net/dev/suricata/-/merge_requests/676/diffs?commit_id=123f35b2d4785794f25a1b7e28e8b633269d76cb )

OT Updated by OISF Ticketbot over 2 years ago Actions
Copy link
 #9

  • Subtask #6508 added

OT Updated by OISF Ticketbot over 2 years ago Actions
Copy link
 #10

  • Label deleted (Needs backport to 7.0)

JF Updated by Juliana Fajardini Reichow over 2 years ago Actions
Copy link
 #11

  • Status changed from Assigned to In Review

JF Updated by Juliana Fajardini Reichow over 2 years ago Actions
Copy link
 #12

  • Status changed from In Review to Resolved

JF Updated by Juliana Fajardini Reichow over 2 years ago Actions
Copy link
 #13

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: PDF Atom