[Bro-Dev] [JIRA] (BIT-1195) SSL: subject overflow in issuer_subject
Robin Sommer (JIRA)
jira at bro-tracker.atlassian.net
Tue Jun 3 12:39:07 PDT 2014
[ https://bro-tracker.atlassian.net/browse/BIT-1195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robin Sommer updated BIT-1195:
------------------------------
Status: Closed (was: Merge Request)
> SSL: subject overflow in issuer_subject
> ---------------------------------------
>
> Key: BIT-1195
> URL: https://bro-tracker.atlassian.net/browse/BIT-1195
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Affects Versions: git/master, 2.2
> Environment: Tested on Debian and Security Onion
> Reporter: Anthony Verez
> Assignee: Robin Sommer
> Fix For: 2.3
>
> Attachments: 2.2_logs.tar.gz, capture.pcap, master_logs.tar.gz
>
>
> Hi,
> I found a string overflow of subject into issuer_subject that can be seen in both ssl.log (2.2 and master) and x509.log (master)
> Steps to reproduce:
> 1. Start capturing
> 2. openssl s_client -connect 63.245.215.80:443
> 3. Stop capturing
> 4. Load the pcap in Bro
> Problem:
> * cat -t master_logs/ssl.log -> "Orga^Inization"
> * cat -t master_logs/x509.log -> "Orga^Inization"
> * cat -t 2.2_logs/x509.log -> "Orga^Inization"
> Whereas the openssl command above gives
> subject=/businessCategory=Private Organization/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=California/serialNumber=C2543436/street=650 Castro St Ste 300/postalCode=94041/C=US/ST=CA/L=Mountain View/O=Mozilla Foundation/CN=bugzilla.mozilla.org
> issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV CA-1
> I have attached:
> * the pcap
> * logs in both 2.2 and master (bro -r capture.pcap)
> Great job on beta 2.3 :-)
--
This message was sent by Atlassian JIRA
(v6.3-OD-06-017#6327)
More information about the bro-dev
mailing list