Script to avoid OpenSSL DoS CVE-2015-1788
##! This script is to avoid CVE-2015-1788 which is explained in
##! detail at http://jpb.io. It is a denial of service against
##! OpenSSL which will cause Bro processes to lock up.
##! WARNING - This script should only be used temporarily until
##! your OpenSSL library is upgraded. This script can
##! then be removed.
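@if ( /2\.3/ in bro_version() )
# Bro 2.3: the negative priority makes this handler run after the
# higher-priority handlers for the same event, so any X.509 analyzer
# they attached to the file is removed again.
event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priority=-100
{
    Files::remove_analyzer(f, Files::ANALYZER_X509);
}
@endif

@if ( /2\.4/ in bro_version() )
# Bro 2.4: same removal, hooked on the file_sniff event instead.
event file_sniff(f: fa_file, meta: fa_metadata) &priority=-100
{
    Files::remove_analyzer(f, Files::ANALYZER_X509);
}
@endif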

The correct domain is http://jbp.io/ for more information.