Permalink
Browse files

Bug fix for CVE-2014-0039

Bug fix for vulnerability CVE-2014-0039 reported by Murray McAllister of
the Red Hat Security Team in which an attacker-controlled fwsnort.conf
file could be read by fwsnort when not running as root.  This was caused
by fwsnort reading './fwsnort.conf' when not running as root and when a
path to the config file was not explicitly set with -c on the command
line.  This behavior has been changed to require the user to specify a
path to fwsnort.conf with -c when not running as root.
  • Loading branch information...
1 parent 8a5e58a commit fa977453120cc48e1654f373311f9cac468d3348 @mrash committed Feb 1, 2014
Showing with 23 additions and 2 deletions.
  1. +9 −0 CREDITS
  2. +9 −0 ChangeLog
  3. +3 −1 fwsnort
  4. +2 −1 fwsnort.8
View
@@ -90,3 +90,12 @@ Dwight Davis
handling --strict mode opertions correctly, and more. These issues and
the corresponding patch were originally reported here:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693000
+
+Murray McAllister (Red Hat Security Team)
+ - Reported a bug fix for vulnerability CVE-2014-0039 in which an attacker-
+ controlled fwsnort.conf file could be read by fwsnort when not running as
+ root. This was caused by fwsnort reading './fwsnort.conf' when not
+ running as root and when a path to the config file was not explicitly set
+ with -c on the command line. This behavior has been changed to require
+ the user to specify a path to fwsnort.conf with -c when not running as
+ root.
View
@@ -1,3 +1,12 @@
+fwsnort-1.6.4 (02//2014):
+ - Bug fix for vulnerability CVE-2014-0039 reported by Murray McAllister of
+ the Red Hat Security Team in which an attacker-controlled fwsnort.conf
+ file could be read by fwsnort when not running as root. This was caused
+ by fwsnort reading './fwsnort.conf' when not running as root and when a
+ path to the config file was not explicitly set with -c on the command
+ line. This behavior has been changed to require the user to specify a
+ path to fwsnort.conf with -c when not running as root.
+
fwsnort-1.6.3 (12/21/2012):
- Bug fix to ensure that !, <, >, and = chars in content strings are
converted to the appropriate hex equivalents. All content strings with
View
@@ -4660,8 +4660,10 @@ sub is_root() {
}
sub set_non_root_values() {
+
if ($fwsnort_conf eq $CONFIG_DEFAULT) {
- $fwsnort_conf = './fwsnort.conf';
+ die "[*] Must specify a path to readable ",
+ "fwsnort.conf file when not running as root.";
}
&set_defaults_without_ipt_test();
View
@@ -82,7 +82,8 @@ By default fwsnort makes use of the configuration file
.B /etc/fwsnort/fwsnort.conf
for almost all configuration parameters. fwsnort can be made to
override this path by specifying a different file on the command
-line with the \-\-config option.
+line with the \-\-config option. When fwsnort is not executed as root, then
+a path to a readable fwsnort.conf file is required.
.TP
.BR \-\^\-update-rules
Download the latest Emerging Threats rules from http://www.emergingthreats.net

0 comments on commit fa97745

Please sign in to comment.