Tim Wojtulewicz of Corelight reports:
A specially-crafted SSL packet could cause Zeek to
leak memory and potentially crash.
A specially-crafted series of FTP packets could cause
Zeek to log entries for requests that have already been
completed, using resources unnecessarily and potentially
causing Zeek to lose other traffic.
A specially-crafted series of SSL packets could cause
Zeek to output a very large number of unnecessary alerts
for the same record.
A specially-crafted series of SSL packets could cause
Zeek to generate very long ssl_history fields in the
ssl.log, potentially using a large amount of memory due
to unbounded state growth
A specially-crafted IEEE802.11 packet could cause
Zeek to overflow memory and potentially crash
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center