Think you have a false positive on this rule?

Sid 1-49884

Message

SERVER-OTHER Corosync 2.3+ with sha512 integer overflow attempt detected

Summary

This event is generated when a corosync 2.3+ set to sha512 integer overflow attempt is detected.

Impact

Misc Attack

CVE-2018-1084:

CVSS base score 9.8

CVSS impact score 5.9

CVSS exploitability score 3.9

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Detailed information

CVE-2018-1084: corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.

Affected systems

corosync corosync 2.0.0
corosync corosync 2.0.1
corosync corosync 2.0.2
corosync corosync 2.0.3
corosync corosync 2.1.0
corosync corosync 2.1.1
corosync corosync 2.2.0
corosync corosync 2.3.0
debian debian_linux 9.0
redhat enterpriselinuxserver 7.0

Ease of attack

CVE-2018-1084:

Access Vector

Access Complexity

Authentication

False positives

False negatives

Corrective action

Contributors

Cisco Talos Intelligence Group

Additional References

www.securityfocus.com/bid/103758/info

©2019 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.

Privacy Policy | Snort License | FAQ | Sitemap

Follow us on twitter