Main Vulnerability Database SB2018072316

SB2018072316 - Input validation error in Suricata

Published: July 23, 2018 Updated: July 17, 2020

Security Bulletin ID SB2018072316

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2016-10728)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error packet is received as the first packet on a flow in the to_client direction, it confuses the rule grouping lookup logic. The toclient inspection will then continue with the wrong rule group. This can lead to missed detection.

Remediation

Install update from vendor's website.

References

https://github.com/kirillwow/ids_bypass
https://lists.debian.org/debian-lts-announce/2018/09/msg00019.html
https://redmine.openinfosecfoundation.org/issues/1880
https://suricata-ids.org/2016/09/07/suricata-3-1-2-released/