Bug 2218778 (CVE-2023-35852) - CVE-2023-35852 suricata: directory traversal
Summary: CVE-2023-35852 suricata: directory traversal
Keywords:
Status: CLOSED UPSTREAM
Alias: CVE-2023-35852
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2218780 2218781
Blocks: 2215922
TreeView+ depends on / blocked
 
Reported: 2023-06-30 06:47 UTC by TEJ RATHI
Modified: 2023-07-04 07:44 UTC (History)
0 users

Fixed In Version: Suricata 6.0.13
Doc Type: ---
Doc Text:
OISF Suricata could allow a remote attacker to traverse directories on the system, caused by improper validation of dataset filename. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system.
Clone Of:
Environment:
Last Closed: 2023-07-04 07:44:08 UTC
Embargoed:

Attachments (Terms of Use)

Description TEJ RATHI 2023-06-30 06:47:50 UTC 
In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation.

https://www.stamus-networks.com/stamus-labs
https://github.com/OISF/suricata/compare/suricata-6.0.12...suricata-6.0.13
https://github.com/OISF/suricata/commit/aee1523b4591430ebed1ded0bb95508e6717a335
https://github.com/OISF/suricata/commit/735f5aa9ca3b28cfacc7a443f93a44387fbacf17
Comment 1 TEJ RATHI 2023-06-30 06:49:04 UTC 
Created suricata tracking bugs for this issue:

Affects: epel-all [bug 2218781]
Affects: fedora-all [bug 2218780]
Comment 2 Product Security DevOps Team 2023-07-04 07:44:05 UTC 
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
Note You need to log in before you can comment on or make changes to this bug.