Logstash 2.3.2 Vulnerability with Netflow codec plugin


(Suyog Rao) #1

Hi all, we've published ESA-2016-06 for a vulnerability in netflow codec plugin for Logstash 2.3.2. Thanks to Jorrit Folmer (maintainer of netflow codec) for reporting and fixing this issue. Details below:

Vulnerability Summary: In Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by the codec and can cause the Logstash process to exit.

Remediation Summary: Users that currently use Logstash's netflow codec plugin or may want to use it in the future should upgrade to 2.3.3 or later versions


(system) #2