Sid 1-49881

Message

SERVER-OTHER Corosync 2.3+ with md5 integer overflow attempt detected

Summary

This event is generated when a corosync 2.3 integer overflow attempt is detected with md5.

Impact

Misc Attack

CVE-2018-1084:

CVSS base score 9.8

CVSS impact score 5.9

CVSS exploitability score 3.9

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Detailed information

CVE-2018-1084: corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.

Affected systems

  • corosync corosync 2.0.0
  • corosync corosync 2.0.1
  • corosync corosync 2.0.2
  • corosync corosync 2.0.3
  • corosync corosync 2.1.0
  • corosync corosync 2.1.1
  • corosync corosync 2.2.0
  • corosync corosync 2.3.0
  • debian debian_linux 9.0
  • redhat enterpriselinuxserver 7.0

Ease of attack

CVE-2018-1084:

Access Vector

Access Complexity

Authentication

False positives

False negatives

Corrective action

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • www.securityfocus.com/bid/103758/info