Rapid7 Vulnerability & Exploit Database

FreeBSD: VID-96D6809A-81DF-46D4-87ED-2F78C79F06B1: zeek -- potential DoS vulnerabilities

Free InsightVM Trial No Credit Card Necessary
Watch Demo See how it all works
Back to Search

FreeBSD: VID-96D6809A-81DF-46D4-87ED-2F78C79F06B1: zeek -- potential DoS vulnerabilities

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
04/12/2023
Created
05/05/2023
Added
04/14/2023
Modified
04/14/2023

Description

Tim Wojtulewicz of Corelight reports:

Receiving DNS responses from async DNS requests (via

A specially-crafted stream of FTP packets containing a

command reply with many intermediate lines can cause Zeek

to spend a large amount of time processing data.

A specially-crafted set of packets containing extremely

large file offsets cause cause the reassembler code to

allocate large amounts of memory.

The DNS manager does not correctly expire responses

that don't contain any data, such those containing NXDOMAIN

or NODATA status codes. This can lead to Zeek allocating

large amounts of memory for these responses and never

deallocating them.

A specially-crafted stream of RDP packets can cause

Zeek to spend large protocol validation.

A specially-crafted stream of SMTP packets can cause

Zeek to spend large amounts of time processing data.

Solution(s)

  • freebsd-upgrade-package-zeek

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;