CVE-2018-1000167
Description
OISF suricata-update version 1.0.0a1 contains an insecure deserialization vulnerability: it parses YAML with the unsafe yaml.load function in config.py:136, config.py:142, sources.py:99 and sources.py:131. The "list-sources" command is affected. The bug can result in remote code execution, as root if suricata-update is run by root. This attack appears to be exploitable via a specially crafted YAML file served at https://www.openinfosecfoundation.org/rules/index.yaml. This vulnerability appears to have been fixed in 1.0.0b1.
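As an added example (not code from the suricata-update project or from this page), the unsafe loading pattern the description refers to, beside its safe replacement and a cheap pre-parse check. It assumes PyYAML is installed and that the fix amounted to loading the remote index with yaml.safe_load instead of yaml.load; the two index documents, the source name and the `echo` payload are constructed for the demonstration and are not the real OISF index.

```python
"""Unsafe vs. safe YAML loading of a remote rules index (added example)."""
import re

try:
    import yaml  # PyYAML, the parser suricata-update uses for index.yaml
except ImportError:  # assumption: keep the stdlib-only check usable without PyYAML
    yaml = None

# Constructed stand-in for a benign index.yaml (format simplified, not OISF's).
BENIGN_INDEX = """\
version: 1
sources:
  et/open:
    summary: Emerging Threats Open Ruleset
    url: https://example.invalid/emerging.rules.tar.gz
"""

# Constructed malicious index. The python/object/apply tag makes the full
# loader call the named callable with the given arguments while parsing.
# `echo pwned` is used here so the demonstration is harmless; an attacker
# controlling the served index would name a destructive command instead.
MALICIOUS_INDEX = """\
version: 1
sources:
  et/open:
    summary: !!python/object/apply:subprocess.check_output [[echo, pwned]]
    url: https://example.invalid/emerging.rules.tar.gz
"""

# Matches both the shorthand "!!python/..." and explicit "!python/..." tags.
PYTHON_TAG = re.compile(r"!!?python/")


def contains_python_tags(text):
    """Pre-parse check: True if the document carries any PyYAML python/* tag.

    This is defence in depth for logging or rejecting a suspicious index
    before it reaches a parser; it does not replace using a safe loader.
    """
    return PYTHON_TAG.search(text) is not None


def _require_yaml():
    if yaml is None:
        raise RuntimeError("PyYAML is required for this function")


def load_index_vulnerable(text):
    """The pre-1.0.0b1 pattern: yaml.load with the full loader.

    yaml.Loader constructs arbitrary Python objects, so a python/object/apply
    tag in `text` executes the named callable during parsing.
    """
    _require_yaml()
    return yaml.load(text, Loader=yaml.Loader)


def load_index_safe(text):
    """Hardened loader: yaml.safe_load only builds plain YAML types
    (mappings, sequences, scalars) and raises ConstructorError on any
    python/* tag instead of resolving it."""
    _require_yaml()
    return yaml.safe_load(text)


if __name__ == "__main__":
    print("python tags present:", contains_python_tags(MALICIOUS_INDEX))
    if yaml is not None:
        print("safe:", load_index_safe(BENIGN_INDEX)["sources"]["et/open"]["summary"])
        try:
            load_index_safe(MALICIOUS_INDEX)
        except yaml.YAMLError as exc:
            print("safe_load rejected the malicious index:", type(exc).__name__)
        # Runs `echo pwned` as a side effect of parsing: this is the bug.
        print("unsafe:", load_index_vulnerable(MALICIOUS_INDEX)["sources"]["et/open"]["summary"])
```

Run stand-alone it shows the same document parsed both ways: the safe loader refuses the tagged scalar, while the full loader silently runs the command and stores its output as the "summary" value. The tag regex is only a screening aid for the fetched file; the fix itself is the loader choice.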
Mitigations
No mitigations published for this CVE yet.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| PyPI | suricata-update | <1.0.0b1 | 1.0.0b1 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000167
- https://github.com/OISF/suricata-update/pull/23
- https://github.com/OISF/suricata-update/commit/76270e73128ca1299b4e33e7e2a74ac3d963a97a
- https://github.com/OISF/suricata-update
- https://github.com/pypa/advisory-database/tree/main/vulns/suricata-update/PYSEC-2018-75.yaml
- https://redmine.openinfosecfoundation.org/issues/2359
- https://tech.feedyourhead.at/content/remote-code-execution-in-suricata-update