PT-2018-9337 · Oisf · Suricata-Update

Published: 2018-04-18 · Updated: 2022-05-14 · CVE-2018-1000167

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: OISF suricata-update version 1.0.0a1
Description: OISF suricata-update 1.0.0a1 parses YAML with PyYAML's yaml.load() in several files, including config.py and sources.py. yaml.load() deserializes PyYAML-specific tags such as !!python/object/apply into live Python objects, so a specially crafted YAML file leads to Insecure Deserialization and arbitrary code execution with the privileges of the user running suricata-update, root if it is run as root. The "list-sources" command is affected. A YAML file containing a line such as hello: !!python/object/apply:os.system ['ls -l > /tmp/output'] triggers the issue: parsing it calls os.system() with the attacker's command.
Recommendations: Update OISF suricata-update 1.0.0a1 to version 1.0.0b1, which resolves the issue. Until the update is applied, avoid the "list-sources" command, do not run suricata-update as root, and make sure the YAML files read by config.py and sources.py cannot be written or substituted by untrusted parties.
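The following is an added example, not code from suricata-update, OISF or the advisory authors. It places the unsafe yaml.load() pattern the description refers to beside a hardened loader (a pre-parse scan for PyYAML object tags followed by yaml.safe_load), and it embeds the trigger line quoted above in a constructed stand-in for a rule-source index. The index layout, the "example/open" source, the harmless builtins.sum payload and all function names are assumptions made for this example; PyYAML must be installed for the two parsing helpers, while the tag scanner is standard library only.

```python
"""Added example, not suricata-update's own code: the unsafe PyYAML call the
advisory describes next to a hardened loader, plus a stdlib pre-parse check
for PyYAML-specific tags. The sample documents are constructed for this
example; only the 'hello:' line is the trigger quoted in the advisory."""
import re

# Constructed stand-in for a rule-source index. The last line is the trigger
# quoted in the advisory: parsed with yaml.load(), PyYAML imports os and
# calls os.system(...) while building the document.
CRAFTED_INDEX = """\
version: 1
sources:
  example/open:
    summary: Example open ruleset (constructed)
    url: https://example.invalid/rules.tar.gz
hello: !!python/object/apply:os.system ['ls -l > /tmp/output']
"""

# Same constructed document without the injected mapping entry.
CLEAN_INDEX = """\
version: 1
sources:
  example/open:
    summary: Example open ruleset (constructed)
    url: https://example.invalid/rules.tar.gz
"""

# Side-effect-free payload (constructed) used to prove the unsafe loader really
# calls into Python: constructing this document evaluates sum([1, 2, 3]).
HARMLESS_APPLY = "harmless: !!python/object/apply:builtins.sum [[1, 2, 3]]\n"

# Short form "!!python/..." and the equivalent verbatim tag
# "!<tag:yaml.org,2002:python/...>"; no rule index legitimately uses either.
PYTHON_TAG = re.compile(r"!!python/\S*|!<tag:yaml\.org,2002:python/[^>]*>")


def find_python_tags(text):
    """Return the PyYAML-specific tags present in raw YAML text (stdlib only)."""
    return PYTHON_TAG.findall(text)


def load_index_unsafe(text):
    """The pattern the advisory describes. yaml.Loader is PyYAML's full loader:
    it resolves python/object/apply tags to imports and calls, so parsing
    executes attacker-chosen code. Never use it on data you did not write."""
    import yaml
    return yaml.load(text, Loader=yaml.Loader)


def load_index(text):
    """Hardened replacement. Refuse documents carrying Python tags before
    parsing, then use safe_load, which builds only plain Python types.
    safe_load alone would already raise yaml.constructor.ConstructorError on
    the crafted document; the pre-check gives a clearer error for logs."""
    tags = find_python_tags(text)
    if tags:
        raise ValueError("refusing YAML with PyYAML object tags: %s" % tags)
    import yaml
    return yaml.safe_load(text)


def pyyaml_available():
    """True when PyYAML is importable (the two parsing helpers need it)."""
    try:
        import yaml  # noqa: F401
    except ImportError:
        return False
    return True


if __name__ == "__main__":
    print("tags in crafted index:", find_python_tags(CRAFTED_INDEX))
    try:
        load_index(CRAFTED_INDEX)
    except ValueError as exc:
        print("hardened loader:", exc)
    if pyyaml_available():
        print("unsafe loader, harmless payload:", load_index_unsafe(HARMLESS_APPLY))
        print("hardened loader, clean index:", load_index(CLEAN_INDEX)["sources"])
```

Running the script shows the two behaviours side by side: load_index_unsafe() turns the harmless !!python/object/apply payload into the integer 6, which is exactly the construction step that runs os.system() for the advisory's trigger line, while load_index() rejects the crafted index before any object is built and parses the clean one into plain dicts and strings.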

Exploit

Fix

RCE

Deserialization of Untrusted Data


Weakness Enumeration

Related Identifiers

CVE-2018-1000167
GHSA-7C4H-W765-6PWG
PYSEC-2018-75

Affected Products

Suricata-Update