svn commit: r503190 - head/security/vuxml
Craig Leres
leres at FreeBSD.org
Fri May 31 19:18:00 UTC 2019
Author: leres
Date: Fri May 31 19:17:59 2019
New Revision: 503190
URL: https://svnweb.freebsd.org/changeset/ports/503190
Log:
security/vuxml: Mark bro < 2.6.2 as vulnerable as per:
https://raw.githubusercontent.com/zeek/zeek/bb979702cf9a2fa67b8d1a1c7f88d0b56c6af104/NEWS
The issue is unsafe integer conversions that can cause unintentional
code paths to be executed.
Reviewed by: ler (mentor)
Approved by: ler (mentor)
Security: CVE-2019-12175
Differential Revision: https://reviews.freebsd.org/D20481
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Fri May 31 18:58:39 2019 (r503189)
+++ head/security/vuxml/vuln.xml Fri May 31 19:17:59 2019 (r503190)
@@ -58,6 +58,61 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="177fa455-48fc-4ded-ba1b-9975caa7f62a">
+ <topic>bro -- Unsafe integer conversions can cause unintentional code paths to be executed</topic>
+ <affects>
+ <package>
+ <name>bro</name>
+ <range><lt>2.6.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Jon Siwek of Corelight reports:</p>
+ <blockquote cite="https://raw.githubusercontent.com/zeek/zeek/bb979702cf9a2fa67b8d1a1c7f88d0b56c6af104/NEWS">
+ <p>The following Denial of Service vulnerabilities are addressed:</p>
+ <ul>
+ <li>Integer type mismatches in BinPAC-generated parser code
+ and Bro analyzer code may allow for crafted packet data
+ to cause unintentional code paths in the analysis logic
+ to be taken due to unsafe integer conversions causing the
+ parser and analysis logic to each expect different fields
+ to have been parsed. One such example, reported by Maksim
+ Shudrak, causes the Kerberos analyzer to dereference a
+ null pointer. CVE-2019-12175 was assigned for this issue.</li>
+
+ <li>The Kerberos parser allows for several fields to be left
+ uninitialized, but they were not marked with an &optional
+ attribute and several usages lacked existence checks.
+ Crafted packet data could potentially cause an attempt
+ to access such uninitialized fields, generate a runtime
+ error/exception, and leak memory. Existence checks and
+ &optional attributes have been added to the relevent
+ Kerberos fields.</li>
+
+ <li>BinPAC-generated protocol parsers commonly contain fields
+ whose length is derived from other packet input, and for
+ those that allow for incremental parsing, BinPAC did not
+ impose a limit on how large such a field could grow,
+ allowing for remotely-controlled packet data to cause
+ growth of BinPAC's flowbuffer bounded only by the numeric
+ limit of an unsigned 64-bit integer, leading to memory
+ exhaustion. There is now a generalized limit for how
+ large flowbuffers are allowed to grow, tunable by setting
+ "BinPAC::flowbuffer_capacity_max".</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-12175</cvename>
+ </references>
+ <dates>
+ <discovery>2019-05-29</discovery>
+ <entry>2019-05-31</entry>
+ </dates>
+ </vuln>
+
<vuln vid="183d700e-ec70-487e-a9c4-632324afa934">
<topic>ImageMagick -- multiple vulnerabilities</topic>
<affects>
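Review bot: the <cvename> in the new entry's <references> block reads CVE-2017-12175, while the commit log's "Security:" line and the quoted NEWS text both give CVE-2019-12175. As written, the entry points at a different CVE identifier, so lookups for CVE-2019-12175 will not match this vid; change the line to <cvename>CVE-2019-12175</cvename>. The <references> block also carries no <url> for the NEWS file that the blockquote cites, which would be worth adding alongside the CVE name. Separately, the quoted text shows a bare "&optional" twice inside the XHTML body; confirm the committed vuln.xml writes these as "&amp;optional" so the file remains well-formed.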