Security #958: SSL parsing issue (master) - Suricata - Open Information Security Foundation

Actions

Copy link

Security #958

closed

Security #955: SSL parsing issue

SSL parsing issue (master)

Added by Victor Julien over 10 years ago. Updated over 3 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Anoop Saldanha

Target version:

2.0beta2

Affected Versions:

Label:

CVE:

2013-5919

Git IDs:

cd80dcbfd4616582daa39fa56960208ee8e23262
cd7f0273a21880cff8ff927abb327a30270015ba

Severity:

Disclosure Date:

Description

Same as #955

CVE-2013-5919 reported by Sebastian Roschke.

Actions

Copy link

Updated by Victor Julien over 10 years ago

Description updated (diff)

Actions

Copy link

Updated by Victor Julien over 10 years ago

Status changed from Assigned to Closed
% Done changed from 0 to 100

Fixed by:

commit cd7f0273a21880cff8ff927abb327a30270015ba
Author: Anoop Saldanha <anoopsaldanha@gmail.com>
Date:   Tue Sep 24 11:31:37 2013 +0530

    Add decoder event rule for tls event "invalid_ssl_record", which will now be available "app-layer-event:tls.invalid_ssl_record".

commit cd80dcbfd4616582daa39fa56960208ee8e23262
Author: Anoop Saldanha <anoopsaldanha@gmail.com>
Date:   Fri Sep 13 19:57:29 2013 +0530

    bug #955 - Fix SSL parsing issue.

    The parser wasn't carrying out a bounds check on record length while
    in the middle of parsing a handshake.  As a result we would step onto the
    next record header and consider it a part of the current handshake.

    - Contains an unittest to test the issue.
    - Disable the duplicate parser unittest registration.

    The issue came to light through an irregular ssl record, which was
    reported by Sebastian Roschke, via CVE-2013-5919.

    Thanks to Sebastian Roschke for reporting this issue.

Actions

Copy link