#VU11123 Security restrictions bypass in Suricata - CVE-2018-6794


Updated: 2021-06-17

Vulnerability identifier: #VU11123

Vulnerability risk: Low

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2018-6794

CWE-ID: CWE-693

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Suricata
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Open Information Security Foundation

Description
The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system.

The weakness exists in the detect.c and stream-tcp.c source code files due to improper security restrictions. A remote attacker can submit specially crafted data from a malicious server and bypass security restrictions.

Mitigation
Update to version 4.0.4.

Vulnerable software versions

Suricata: 4.0 - 4.0.3


External links
https://github.com/OISF/suricata/pull/3202/commits/e1ef57c848bbe4e567d5d4b66d346a742e3f77a1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

