Actions
Bug #5770
closedsmb: no consistency check between NBSS length and length field for some SMB operations
Affected Versions:
Effort:
Difficulty:
Label:
Description
For instance for SMB2 write request, the Length
field indicates the length of the buffer contained in the NBSS record
But Suricata takes into account this length independently of the NBSS length for the file, and may thus use too many bytes for the file...
See https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/e7046961-3318-4350-be2a-a8d69bb59ce8
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/829f93f5-ed10-4f12-8347-42d235019459
Updated by Philippe Antoine about 2 years ago
- Status changed from New to In Review
Updated by Philippe Antoine about 2 years ago
- Blocks Feature #4861: smb: support multi-stream file transfers added
Updated by Philippe Antoine almost 2 years ago
- Related to Bug #5786: smb: possible evasion with trailing nbss data added
Updated by Philippe Antoine almost 2 years ago
- Target version changed from TBD to 7.0.0-rc1
Updated by Philippe Antoine almost 2 years ago
- Target version changed from 7.0.0-rc1 to 7.0.0-rc2
Updated by Philippe Antoine almost 2 years ago
- Status changed from In Review to Closed
Fixed by https://github.com/OISF/suricata/pull/8514
Would we want backports for this ?
Updated by Philippe Antoine almost 2 years ago
- Status changed from Closed to Resolved
Updated by Victor Julien almost 2 years ago
- Status changed from Resolved to Closed
Actions