Release Notes for Snare Central v7.4.5

Snare Central v7.4.5 was released on 18th August 2019.

Snare Central incorporates the Agent Management Console (AMC), the v2.3.0 Reflector, and the v1.0.3 Snare Agent Manager (SAM).

Change Log

New Features

  • Snare Server 7.4.5 is a patch release that includes bug fixes and operating system security updates.

Enhancements

  • When enabled on systems with 8Gb of RAM or more, the elasticsearch heap size has been increased to 4Gb.
  • A new "NAS Protocol version" option has been added to Disk Manager.

Bug Fixes

  • Removed the duplicate handling of Snare Transition files that may appear when unscheduled server reboots occur.
  • Fixed an issue in the data scripts that would leave log files in the /data/SnareTransition partition when an unscheduled server reboot or a manual service restart interrupted the automatic transition and compression of files.

Security

  • Additional protections added around OS executions and SQL sanitisation (CVE-2019-11363 & CVE-2019-11364).

    Thanks to Simone Quatrini, of Pen Test Partners in the UK.

    Inadequate input validation around user and group data could allow an authenticated administrator-level user of the user interface to change the meaning of SQL queries used to resolve pre-stored user/group information.

    Resolution: The target Sanitisation module used by the User/Group query module was incorrect ("small text" rather than "small string"), and the associated "small text" module had only very basic protections. The "small text" and "small string" sanitisation modules have been linked as synonyms as a result of this update. Additional protections have also been included in the generic sanitisation component.

    Inadequate input validation in the "Disk Manager" component of the Snare Server user interface could allow a logged-in administrative-level user to run a range of root-level commands by crafting specific content in a specific input variable.

    Resolution: Both specific and generic updates have been made to the protections around operating system binary execution to address both this specific issue, and more generic potential threats.

    Note that the CVSSv3 scores for these issues are comparatively low because they require Administrator-level access to the server, and the administrator already has authorized root-level access to the underlying operating system and SQL data structures.

Operating System Updates

Package: hhvm
  Previous Version: 4.5.0-1~trusty
  Update:           4.18.0-1~trusty
  Details:
    hhvm (4.18.0-1~trusty) trusty; urgency=medium

Package: intel-microcode
  Previous Version: 3.20190514.0ubuntu0.14.04.1
  Update:           3.20190618.0ubuntu0.14.04.1
  Details:
    intel-microcode (3.20190618.0ubuntu0.14.04.1) trusty-security; urgency=medium
      * SECURITY UPDATE: New upstream microcode datafile 20190618
        - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
        + Updated Microcodes:
          sig 0x000206d6, pf_mask 0x6d, 2019-05-21, rev 0x061f, size 18432
          sig 0x000206d7, pf_mask 0x6d, 2019-05-21, rev 0x0718, size 19456
          sig 0x000506ca, pf_mask 0x03, 2019-03-01, rev 0x0016, size 15360
        + Add MDS mitigation support for Sandy Bridge server and Core-X processor families.
          (LP: #1830123)

Package: openjdk-8-jre-headless
  Previous Version: 8u171-b11-2~14.04
  Update:           8u222-b10-1~14.04
  Details:
    openjdk-8 (8u222-b10-1~14.04) trusty; urgency=medium
      * PPA upload.