[Bro] Update: OpenSSL security issue affecting Bro

Daniel Guerra daniel.guerra69 at gmail.com
Sat Dec 5 06:32:00 PST 2015


Hi Johanna,

My latest docker project has been fixed for this. I tried your test before
and after the update and can confirm it works on Debian.

Thanx

> On 05 Dec 2015, at 00:51, Johanna Amann <johanna at icir.org> wrote:
> 
> Hello,
> 
> we just posted an updated blog post describing the problem to
> http://blog.bro.org/2015/12/openssl-security-issue-affecting-bro.html.
> 
> Please note, that different from the original descriptions, default
> installations of Bro that use broctl are vulnerable; a quick fix is to not
> load protocols/ssl/validate-certs.bro in local.bro.
> 
> The blog post also contains instructions on how to test if your local
> openssl installation is vulnerable.
> 
> Johanna
> 
> On Thu, Dec 03, 2015 at 12:01:28PM -0800, Johanna Amann wrote:
>> Hello,
>> 
>> The OpenSSL Project today published a security advisory, that affects
>> users of Bro that are using the X.509 certificate validation functionality
>> of Bro. Note that this functionality is not enabled by default - typically
>> it is enabled by either loading the policy script
>> protocols/ssl/validate-certs.bro or protocols/ssl/validate-ocsp.bro.
>> 
>> The OpenSSL bug can cause a null-pointer exception when parsing certain
>> malformed X.509 certificates and can potentially be used for DOS attacks.
>> 
>> The issue affects OpenSSL 1.0.1 and 1.0.2 and was fixed in OpenSSL 1.0.1q
>> and 1.0.2e respectively. If you use Bro and perform certificate
>> validation, you should update as soon as possible.
>> 
>> The original OpenSSL security advisory is available at
>> https://www.openssl.org/news/secadv/20151203.txt. It also contains a few
>> other issues that are not directly applicable to Bro.
>> 
>> Johanna
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>> 
>> 
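
The two conditions named in the thread (an OpenSSL release older than 1.0.1q or 1.0.2e, and a local.bro that loads one of the validation scripts) can be checked together. The script below is an added example, not part of the thread or of the Bro project; the function names and the sample local.bro are constructed for illustration.

```shell
#!/bin/sh
# Added example: names below are illustrative, not Bro or OpenSSL tooling.

# Classify an OpenSSL version string against the ranges given in the thread:
# 1.0.1 is fixed in 1.0.1q, 1.0.2 is fixed in 1.0.2e.
openssl_status() {
    ver=${1%%-*}                                   # drop suffixes like "-fips"
    case $ver in
        1.0.1|1.0.1[a-p]|1.0.2|1.0.2[a-d]) echo affected ;;
        1.0.1[a-z]*|1.0.2[a-z]*)           echo fixed ;;
        *)                                 echo other-branch ;;
    esac
}

# Succeeds if the given local.bro has an uncommented @load of either
# validation policy script named in the thread.
validation_loaded() {
    grep -Eq '^[[:space:]]*@load[[:space:]]+protocols/ssl/validate-(certs|ocsp)(\.bro)?[[:space:]]*(#.*)?$' "$1"
}

# Combine both checks: prints exposed, loaded-<status> or not-loaded.
assess() {
    if ! validation_loaded "$2"; then
        echo not-loaded
    elif [ "$(openssl_status "$1")" = affected ]; then
        echo exposed
    else
        echo "loaded-$(openssl_status "$1")"
    fi
}

# Constructed sample local.bro, written to the path given as $1.
make_sample() {
    cat > "$1" <<'EOF'
@load tuning/defaults
# @load protocols/ssl/validate-ocsp
@load protocols/ssl/validate-certs
EOF
}

tmp=$(mktemp)
make_sample "$tmp"
for v in 1.0.1p 1.0.1q 1.0.2d 1.0.2e-fips; do
    printf '%s: %s\n' "$v" "$(assess "$v" "$tmp")"
done
rm -f "$tmp"
```

A version string does not reveal distribution backports: a Debian package can carry the fix while still reporting an older upstream version, so an `affected` result is a prompt to check the package changelog or run the test from the blog post.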


