Security #7195
closed
datasets: rule with unset makes suricata abort
Git IDs:
e47598110a557bb9f87ea498d85ba91a45bb0cb6
Severity:
HIGH
Disclosure Date:
Description
Running SV datasets-03-set test with added rule
diff --git a/tests/datasets-03-set/test.rules b/tests/datasets-03-set/test.rules
index 1d99df9d..327c774a 100644
--- a/tests/datasets-03-set/test.rules
+++ b/tests/datasets-03-set/test.rules
@@ -1 +1,2 @@
alert dns any any -> any any (dns.query; dataset:set,dns-seen, type string; sid:1;)
+alert dns any any -> any any (dns.query; content: "example"; dataset:unset,dns-seen, type string; sid:2;)
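Review bot: the added sid:2 line is appended to the existing datasets-03-set rules file and shares the dns-seen dataset with sid:1, so the reproducer changes what that existing test exercises. I would move the `dataset:unset` rule into its own test directory and state the expected outcome there (rule rejected at load, or loaded and matched without aborting) so the regression check is explicit.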
triggers the abort in DetectDatasetBufferMatch because we get DETECT_DATASET_CMD_UNSET
Updated by Philippe Antoine over 1 year ago
- Related to Feature #5576: Dataset is setting data despite the signature being a complete match added
Updated by OISF Ticketbot over 1 year ago
- Subtask #7196 added
Updated by OISF Ticketbot over 1 year ago
- Label deleted (Needs backport to 7.0)
Updated by Philippe Antoine over 1 year ago
- Status changed from New to In Review
Gitlab MR
Updated by Philippe Antoine over 1 year ago
unset support in datasets was half-done.
A fix can be implementing the missing support
Another fix can be to reject such rules for now
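An operator-side take on the second option above (rejecting such rules), as an added example that is not Suricata or suricata-verify code: a Python check that flags active rules using `dataset:unset` in a rules file before it is loaded. The function names and the sid:3 and sid:4 sample lines are constructed for illustration, and it assumes one rule per line.

```python
import re

# Matches the dataset keyword and captures its first argument (the command).
_DATASET_RE = re.compile(r"^dataset\s*:\s*([a-z]+)\s*,", re.IGNORECASE)
_SID_RE = re.compile(r"^sid\s*:\s*(\d+)$")

def split_options(rule):
    """Split the option list on ';', ignoring ';' inside quotes or escaped."""
    start, end = rule.find("("), rule.rfind(")")
    if start < 0 or end <= start:
        return []
    opts, cur, quoted, i = [], [], False, start + 1
    while i < end:
        ch = rule[i]
        if ch == "\\" and i + 1 < end:  # keep an escaped character verbatim
            cur.append(rule[i:i + 2])
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        if ch == ";" and not quoted:
            opts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    opts.append("".join(cur).strip())  # last option without a trailing ';'
    return [o for o in opts if o]

def find_unset_rules(rules_text):
    """Return (line number, sid) for each active rule using dataset:unset."""
    hits = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):  # skip blanks and disabled rules
            continue
        opts = split_options(line)
        cmds = [m.group(1).lower() for o in opts if (m := _DATASET_RE.match(o))]
        if "unset" in cmds:
            sid = next((m.group(1) for o in opts if (m := _SID_RE.match(o))), None)
            hits.append((lineno, sid))
    return hits

# sid:1 and sid:2 are the rules from the ticket; sid:3 and sid:4 are constructed.
SAMPLE = r'''alert dns any any -> any any (dns.query; dataset:set,dns-seen, type string; sid:1;)
alert dns any any -> any any (dns.query; content: "example"; dataset:unset,dns-seen, type string; sid:2;)
# alert dns any any -> any any (dns.query; dataset:unset,dns-seen, type string; sid:3;)
alert dns any any -> any any (dns.query; content:"dataset:unset,x\; y"; sid:4;)'''
print(find_unset_rules(SAMPLE))
```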
Updated by Victor Julien over 1 year ago
- Severity changed from MODERATE to HIGH
HIGH as it requires a bad rule, but then it aborts in a defined way.
Updated by Juliana Fajardini Reichow over 1 year ago
- CVE set to 2024-45795
Updated by Philippe Antoine over 1 year ago
- Status changed from In Review to Resolved
Updated by Philippe Antoine over 1 year ago
Still SV test to merge before closing https://github.com/OISF/suricata-verify/pull/2065
Updated by Philippe Antoine over 1 year ago
- Git IDs updated (diff)
Updated by Victor Julien over 1 year ago
- Private changed from Yes to No
Updated by Philippe Antoine over 1 year ago
- Status changed from Resolved to Closed