Bug 2218778 (CVE-2023-35852) - CVE-2023-35852 suricata: directory traversal
Summary: CVE-2023-35852 suricata: directory traversal
Alias: CVE-2023-35852
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 2218780 2218781
Blocks: 2215922
TreeView+ depends on / blocked
Reported: 2023-06-30 06:47 UTC by TEJ RATHI
Modified: 2023-07-04 07:44 UTC (History)
0 users

Fixed In Version: Suricata 6.0.13
Doc Type: ---
Doc Text:
OISF Suricata could allow a remote attacker to traverse directories on the system, caused by improper validation of dataset filename. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system.
Clone Of:
Last Closed: 2023-07-04 07:44:08 UTC

Attachments (Terms of Use)

Description TEJ RATHI 2023-06-30 06:47:50 UTC
In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation.


Comment 1 TEJ RATHI 2023-06-30 06:49:04 UTC
Created suricata tracking bugs for this issue:

Affects: epel-all [bug 2218781]
Affects: fedora-all [bug 2218780]

Comment 2 Product Security DevOps Team 2023-07-04 07:44:05 UTC
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.

Note You need to log in before you can comment on or make changes to this bug.