JVNVU#94371484: Packetbeat vulnerable to denial-of-service (DoS)

Overview

Packetbeat provided by Elastic contains a denial-of-service (DoS) vulnerability.

Products Affected

Packetbeat prior to version 5.6.4

Description

Packetbeat provided by Elastic is a network packet analyzer. Packetbeat contains a flaw in processing the PostgreSQL handler (CWE-129) .

Impact

Processing a specially crafted packet may lead to a denial-of-service (DoS).

Solution

Update the Software
Update to the latest version according to the information provided by the developer.

Apply a Workaround
Disable the PostgreSQL protocol

Vendor Status

Vendor	Link
Elastic	Beats 5.6.4 security update
	Fix missing length check in PgSQL #5457

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Base Score: 5.3

Attack Vector(AV)	Physical (P)	Local (L)	Adjacent (A)	Network (N)
Attack Complexity(AC)	High (H)	Low (L)
Privileges Required(PR)	High (H)	Low (L)	None (N)
User Interaction(UI)	Required (R)	None (N)
Scope(S)	Unchanged (U)	Changed (C)
Confidentiality Impact(C)	None (N)	Low (L)	High (H)
Integrity Impact(I)	None (N)	Low (L)	High (H)
Availability Impact(A)	None (N)	Low (L)	High (H)

CVSS v2 AV:N/AC:L/Au:N/C:N/I:N/A:P

Base Score: 5.0

Access Vector(AV)	Local (L)	Adjacent Network (A)	Network (N)
Access Complexity(AC)	High (H)	Medium (M)	Low (L)
Authentication(Au)	Multiple (M)	Single (S)	None (N)
Confidentiality Impact(C)	None (N)	Partial (P)	Complete (C)
Integrity Impact(I)	None (N)	Partial (P)	Complete (C)
Availability Impact(A)	None (N)	Partial (P)	Complete (C)

Credit

Teppei Fukuda reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE	CVE-2017-11480
JVN iPedia

JVNVU#94371484 Packetbeat vulnerable to denial-of-service (DoS)