[Bro] Update: OpenSSL security issue affecting Bro
daniel.guerra69 at gmail.com
Sat Dec 5 06:32:00 PST 2015
My latest docker project has been fixed for this. I tried your test before
and after the update and can confirm it works on Debian.
> On 05 Dec 2015, at 00:51, Johanna Amann <johanna at icir.org> wrote:
> we just posted an updated blog post describing the problem to
> Please note, that different from the original descriptions, default
> installations of Bro that use broctl are vulnerable; a quick fix is to not
> load protocols/ssl/validate-certs.bro in local.bro.
> The blog post also contains instructions on how to test if your local
> openssl installation is vulnerable.
> On Thu, Dec 03, 2015 at 12:01:28PM -0800, Johanna Amann wrote:
>> The OpenSSL Project today published a security advisory, that affects
>> users of Bro that are using the X.509 certificate validation functionality
>> of Bro. Note that this functionality is not enabled by default - typically
>> it is enabled by either loading the policy script
>> protocols/ssl/validate-certs.bro or protocols/ssl/validate-ocsp.bro.
>> The OpenSSL bug can cause a null-pointer exception when parsing certain
>> malformed X.509 certificates and can potentially be used for DOS attacks.
>> The issue affects OpenSSL 1.0.1 and 1.0.2 and was fixed in OpenSSL 1.0.1q
>> and 1.0.2e respectively. If you use Bro and perform certificate
>> validation, you should update as soon as possible.
>> The original OpenSSL security advisory is available at
>> https://www.openssl.org/news/secadv/20151203.txt. It also contains a few
>> other issues that are not directly applicable to Bro.
>> Bro mailing list
>> bro at bro-ids.org
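Added example, not part of the thread or the Bro project: a shell check for the two conditions the messages above describe, a local.bro that loads protocols/ssl/validate-certs or protocols/ssl/validate-ocsp together with an OpenSSL 1.0.1 or 1.0.2 release older than 1.0.1q or 1.0.2e. The function names and the sample local.bro are constructed, and the comparison reads only the version string, so a distribution package with a backported fix still shows as affected.

```shell
#!/bin/sh
# Added example, not from the thread. Sample file contents are constructed.

# List the SSL validation policy scripts a local.bro-style file loads.
# Text after '#' is a comment; the .bro suffix on @load is optional.
loaded_validation_scripts() {
    sed 's/#.*//' "$1" | awk '
        $1 == "@load" && NF == 2 &&
        $2 ~ /^protocols\/ssl\/validate-(certs|ocsp)(\.bro)?$/ {
            sub(/\.bro$/, "", $2); print $2
        }'
}

# Compare a version string with the fixed releases named in the advisory
# (1.0.1q, 1.0.2e). Prints: affected | fixed | not-listed.
classify_openssl() {
    letter=${1#1.0.?}              # "1.0.1k-fips" -> "k-fips"
    letter=${letter%%[!a-z]*}      # -> "k"; empty for a base release
    case $1 in
        1.0.1*) before_fix='[a-p]' ;;
        1.0.2*) before_fix='[a-d]' ;;
        *) echo not-listed; return 0 ;;
    esac
    case $letter in
        ''|$before_fix) echo affected ;;
        *) echo fixed ;;
    esac
}

report() {  # usage: report <local.bro path> <openssl version string>
    scripts=$(loaded_validation_scripts "$1")
    if [ -z "$scripts" ]; then
        echo "ok: no SSL validation script loaded"
    elif [ "$(classify_openssl "$2")" = affected ]; then
        echo "exposed: OpenSSL $2 with $(echo $scripts | tr ' ' ',')"
    else
        echo "ok: OpenSSL $2 is $(classify_openssl "$2")"
    fi
}

sample=$(mktemp)   # constructed stand-in for a site's local.bro
cat > "$sample" <<'EOF'
@load tuning/defaults
# @load protocols/ssl/validate-ocsp
@load protocols/ssl/validate-certs
EOF
report "$sample" 1.0.1k   # version strings here are constructed inputs
report "$sample" 1.0.2e
rm -f "$sample"
```

To check a real sensor, pass the path of its local.bro and the second field of `openssl version` to `report`; the version that matters is that of the library Bro is linked against.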