FreeBSD : bro -- Unsafe integer conversions can cause unintentional code paths to be executed (177fa455-48fc-4ded-ba1b-9975caa7f62a)

medium Nessus Plugin ID 125662

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Jon Siwek of Corelight reports :

The following Denial of Service vulnerabilities are addressed :

- Integer type mismatches in BinPAC-generated parser code and Bro analyzer code may allow for crafted packet data to cause unintentional code paths in the analysis logic to be taken due to unsafe integer conversions causing the parser and analysis logic to each expect different fields to have been parsed. One such example, reported by Maksim Shudrak, causes the Kerberos analyzer to dereference a null pointer. CVE-2019-12175 was assigned for this issue.

- The Kerberos parser allows for several fields to be left uninitialized, but they were not marked with an &optional attribute and several usages lacked existence checks. Crafted packet data could potentially cause an attempt to access such uninitialized fields, generate a runtime error/exception, and leak memory. Existence checks and &optional attributes have been added to the relevent Kerberos fields.

- BinPAC-generated protocol parsers commonly contain fields whose length is derived from other packet input, and for those that allow for incremental parsing, BinPAC did not impose a limit on how large such a field could grow, allowing for remotely-controlled packet data to cause growth of BinPAC's flowbuffer bounded only by the numeric limit of an unsigned 64-bit integer, leading to memory exhaustion.
There is now a generalized limit for how large flowbuffers are allowed to grow, tunable by setting 'BinPAC::flowbuffer_capacity_max'.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?cb034f6f

Plugin Details

Severity: Medium

ID: 125662

File Name: freebsd_pkg_177fa45548fc4dedba1b9975caa7f62a.nasl

Version: 1.3

Type: local

Published: 6/3/2019

Updated: 1/13/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Low

Base Score: 3.5

Temporal Score: 2.6

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.4

Temporal Score: 4.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:bro, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 5/31/2019

Vulnerability Publication Date: 5/29/2019

Reference Information

CVE: CVE-2017-12175