CVE-2014-6603
published 2014-10-07
CVE-2014-6603: The SSHParseBanner function in SSH parser (app-layer-ssh.c) in Suricata before 2.0.4 allows remote attackers to bypass SSH rules, cause a denial of service…
Priority P4 · 24 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS 3.24% · 86.7th percentile
The SSHParseBanner function in SSH parser (app-layer-ssh.c) in Suricata before 2.0.4 allows remote attackers to bypass SSH rules, cause a denial of service (crash), or possibly have unspecified other impact via a crafted banner, which triggers a large memory allocation or an out-of-bounds write.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | suricata | < suricata 2.0.4-1 (bookworm) | suricata 2.0.4-1 (bookworm) |
| oisf | suricata | >= 0 < 2.0.4-1 | 2.0.4-1 |
| oisf | suricata | >= 0 < 2.0.4-1 | 2.0.4-1 |
| oisf | suricata | >= 0 < 2.0.4-1 | 2.0.4-1 |
| oisf | suricata | >= 0 < 2.0.4-1 | 2.0.4-1 |
| openinfosecfoundation | suricata | <= 2.0.3-2 | — |
| openinfosecfoundation | suricata | — | — |
| openinfosecfoundation | suricata | — | — |
| openinfosecfoundation | suricata | — | — |
| openinfosecfoundation | suricata | — | — |
| openinfosecfoundation | suricata | — | — |
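CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | MEDIUM | — |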
Debian
CVE-2014-6603: suricata - The SSHParseBanner function in SSH parser (app-layer-ssh.c) in Suricata before 2...
vendor_debian·2014·CVSS 5.0
Scope: local
bookworm: resolved (fixed in 2.0.4-1)
bullseye: resolved (fixed in 2.0.4-1)
forky: resolved (fixed in 2.0.4-1)
sid: resolved (fixed in 2.0.4-1)
trixie: resolved (fixed in 2.0.4-1)
GHSA
GHSA-9x5x-99rm-rq9h: The SSHParseBanner function in SSH parser (app-layer-ssh
ghsa_unreviewed·2022-05-14
OSV
CVE-2014-6603: The SSHParseBanner function in SSH parser (app-layer-ssh
osv·2014-10-07·CVSS 5.0
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-6603 suricata: out-of-bounds access in SSH parser
bugzilla·2014-09-24·CVSS 5.0
It was reported [1] that the application parser for SSH integrated in Suricata contains a flaw that might lead to an out-of-bounds access. For this reason a Denial of Service towards the Suricata monitoring software might be possible using crafted packets on the monitoring interface.
The application parser for SSH (src/app-layer-ssh.c) contains a function SSHParseBanner. In case the parsed buffer is either
"SSH-2.0\r-MySSHClient-0.5.1\n"
or
"SSH-2.0-\rMySSHClient-0.5.1\n"
the function will behave in the wrong way and attempt either a very big memory allocation or an out of bounds array access with negative index, which also might lead to out-of-bounds write access under certain conditions. The problem is caused due to the fa
Bugzilla
CVE-2014-6603 suricata: out-of-bounds access in SSH parser [fedora-all]
bugzilla·2014-09-24·CVSS 5.0
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139630.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139821.html
http://packetstormsecurity.com/files/128382/Suricata-2.0.3-Out-Of-Bounds-Access.html
http://seclists.org/fulldisclosure/2014/Sep/79
http://www.securityfocus.com/archive/1/533515/100/0/threaded
http://www.securityfocus.com/bid/70083
https://exchange.xforce.ibmcloud.com/vulnerabilities/96157