analysisd: fix heap overflow in rootkit decoder. #1825

Merged
merged 1 commit into from
Jan 17, 2020

Commits on Jan 16, 2020

  1. analysisd: fix heap overflow in rootkit decoder.

    The `RK_File` function of the rootcheck decoder needs to ensure it
    doesn't index outside of `MAX_AGENTS` when trying to find/open
    a rootcheck file for a given agent.
    
    Prev. to this change the value of `i` could exceed `MAX_AGENTS`
    resulting in a heap buffer overflow accessing `rk_agent_ips[i]` or
    `rk_agent_fps[i]`.
    
    The fix is adapted from similar logic in the syscheck decoder, added as
    a response to a matching vulnerability in that decoder patched in 2012.
    Daniel committed Jan 16, 2020
    1fe7768
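
The bounds check the commit message describes, written out as an added example (not the project's code and not the patch itself). The array names and `MAX_AGENTS` come from the commit message; the helper `rk_slot_for`, the table size of 4 and the agent names are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_AGENTS 4 /* constructed small value so the full-table case is easy to reach */

/* Stand-ins for the per-agent arrays named in the commit message. */
static char *rk_agent_ips[MAX_AGENTS];
static FILE *rk_agent_fps[MAX_AGENTS];

/* Hypothetical helper: return the slot for `agent`, claiming the first free
 * slot if the agent is new. Returns -1 when the table is full. */
static int rk_slot_for(const char *agent)
{
    int i = 0;

    /* Test the bound before the element: with the operands reversed, or with
     * no bound at all, rk_agent_ips[i] is read at i == MAX_AGENTS. */
    while (i < MAX_AGENTS && rk_agent_ips[i] != NULL) {
        if (strcmp(rk_agent_ips[i], agent) == 0) {
            return i; /* known agent: reuse its slot */
        }
        i++;
    }

    /* Every slot is taken by another agent. Refusing here is what keeps the
     * writes below inside both arrays. */
    if (i == MAX_AGENTS) {
        return -1;
    }

    size_t len = strlen(agent) + 1;
    rk_agent_ips[i] = malloc(len);
    if (rk_agent_ips[i] == NULL) {
        return -1;
    }
    memcpy(rk_agent_ips[i], agent, len);
    rk_agent_fps[i] = NULL; /* the per-agent file would be opened here */
    return i;
}

int main(void)
{
    /* Constructed agent names: one more distinct agent than there are slots. */
    const char *agents[] = { "a1", "a2", "a1", "a3", "a4", "a5" };
    for (size_t n = 0; n < sizeof(agents) / sizeof(agents[0]); n++) {
        printf("%s -> slot %d\n", agents[n], rk_slot_for(agents[n]));
    }
    return 0;
}
```

The caller has to treat `-1` as "drop this event" rather than use it as an index.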