Sid 1-49884

Message

SERVER-OTHER Corosync 2.3+ with sha512 integer overflow attempt detected

Summary

This event is generated when an integer overflow attempt against Corosync 2.3+ set to use sha512 is detected.

Impact

Misc Attack

CVE-2018-1084:

CVSS base score 9.8

CVSS impact score 5.9

CVSS exploitability score 3.9

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Detailed information

CVE-2018-1084: corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.

Affected systems

  • corosync corosync 2.0.0
  • corosync corosync 2.0.1
  • corosync corosync 2.0.2
  • corosync corosync 2.0.3
  • corosync corosync 2.1.0
  • corosync corosync 2.1.1
  • corosync corosync 2.2.0
  • corosync corosync 2.3.0
  • debian debian_linux 9.0
  • redhat enterpriselinuxserver 7.0

Ease of attack

CVE-2018-1084:

Access Vector

Access Complexity

Authentication

False positives

False negatives

Corrective action

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • www.securityfocus.com/bid/103758/info