CVE-2018-1000167
Descriptions
OISF suricata-update version 1.0.0a1 contains an Insecure Deserialization vulnerability in the insecure yaml.load function as used in the following files: config.py:136, config.py:142, sources.py:99 and sources.py:131. The "list-sources" command is affected by this bug, which can result in Remote Code Execution (even as root if suricata-update is called by root). This attack appears to be exploitable via a specially crafted yaml file at https://www.openinfosecfoundation.org/rules/index.yaml. This vulnerability appears to have been fixed in 1.0.0b1.
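The defect described above is the difference between PyYAML's full loader, which honours `!!python/*` tags and constructs arbitrary objects, and `yaml.safe_load`, which only builds plain scalars, lists and dicts. The following is an added example, not suricata-update's own code: it parses a constructed stand-in for a sources index (the `example/rules` entry and URL are placeholders), shows the pre-fix `yaml.load` pattern beside a hardened loader, and adds a schema check so that a document of the wrong shape is refused even when it contains no tags.

```python
"""Unsafe vs safe parsing of a rule-source index like suricata-update's index.yaml."""
import yaml

# Constructed sample in the legitimate shape of a sources index (placeholder values).
GOOD_INDEX = """\
version: 1
sources:
  example/rules:
    description: Example ruleset (constructed placeholder)
    url: https://example.invalid/rules.tar.gz
"""

# Constructed sample carrying a Python-specific tag. A full loader turns this into an
# object construction (here a harmless empty dict) instead of plain data; safe_load
# has no constructor for the tag and raises instead.
TAGGED_INDEX = """\
version: 1
sources: !!python/object/apply:builtins.dict []
"""


def load_index_unsafe(text):
    # The pre-1.0.0b1 pattern: the full Loader resolves !!python/* tags into objects.
    return yaml.load(text, Loader=yaml.Loader)


def load_index_safe(text):
    # Hardened: safe_load knows only the core YAML types, so tags are an error.
    data = yaml.safe_load(text)
    # Schema check on top of the safe loader: reject anything not shaped like an index.
    if not isinstance(data, dict) or not isinstance(data.get("sources"), dict):
        raise ValueError("index.yaml has unexpected structure")
    for name, src in data["sources"].items():
        if not isinstance(src, dict) or not isinstance(src.get("url"), str):
            raise ValueError(f"source {name!r} is malformed")
    return data


def is_rejected(text):
    """True if the hardened loader refuses the document (tag or schema violation)."""
    try:
        load_index_safe(text)
    except (yaml.YAMLError, ValueError):
        return True
    return False
```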
Timeline
- 2018-04-06 CVE Reserved
- 2018-04-18 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2024-11-19 EPSS Updated
CWE
- CWE-502: Deserialization of Untrusted Data
References (2)
URL | Tag | Source
---|---|---
https://redmine.openinfosecfoundation.org/issues/2359 | Third Party Advisory |
URL | Date | SRC
---|---|---
https://tech.feedyourhead.at/content/remote-code-execution-in-suricata-update | 2024-08-05 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Oisf | Suricata-update | 1.0.0a1 | - | Affected