FreeBSD: VID-60D4D31A-A573-41BD-8C1E-5AF7513C1EE9: zeek -- potential DoS vulnerabilities
Description
Tim Wojtulewicz of Corelight reports:
Fix an issue where a specially-crafted FTP packet can
cause Zeek to spend large amounts of time attempting to
search for valid commands in the data stream.
Fix a possible overflow in the Zeek dictionary code
that may lead to a memory leak.
Fix an issue where a specially-crafted packet can
cause Zeek to spend large amounts of time reporting
analyzer violations.
Fix a possible assert and crash in the HTTP analyzer
when receiving a specially crafted packet.
Fix an issue where a specially-crafted HTTP or SMTP
packet can cause Zeek to spend a large amount of time
attempting to search for filenames within the packet data.
Fix two separate possible crashes when converting
processed IP headers for logging via the raw_packet event
handlers.
Solution(s)
- freebsd-upgrade-package-zeek
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center