Conectiva alert CLA-2003:642 (snort)

From:  Conectiva Updates <secure@conectiva.com.br>
To:  conectiva-updates@papaleguas.conectiva.com.br, lwn@lwn.net, bugtraq@securityfocus.com, security-alerts@linuxsecurity.com, linsec@lists.seifried.org
Subject:  [CLA-2003:642] Conectiva Security Announcement - snort
Date:  Tue, 6 May 2003 21:46:00 -0300

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE           : snort
SUMMARY           : Vulnerability in the stream4 preprocessor
DATE              : 2003-05-06 21:44:00
ID                : CLA-2003:642
RELEVANT RELEASES : 8, 9

- -------------------------------------------------------------------------

DESCRIPTION
 Snort is an Open Source Network Intrusion Detection System (NIDS).

 Core Security has discovered[1] a remotely exploitable integer
 overflow vulnerability in Snort. It resides in the stream4
 preprocessor, which is responsible for normalizing TCP traffic before
 its analysis by the rules processor.

 A remote attacker able to insert specially crafted TCP traffic in the
 network being monitored by snort may crash the sensor or execute
 arbitrary code in its context, which is run by the root user.

 The Common Vulnerabilities and Exposures (CVE) project has assigned
 the name CAN-2003-0209 to this issue[2].

 Since the stream4 preprocessor is present only in snort versions
 >= 1.8, users of Conectiva Linux versions 6.0 and 7.0 are not
 vulnerable to this attack.

 Additionally, a preventive fix for a possible problem with the use of
 the memcpy() function in the frag2 preprocessor code was added[3].

 IMPORTANT: Please note that this update includes snort 1.9.1. The
 snort version originally distributed with Conectiva Linux 8 was
 1.8.4b1 (already updated to 1.9.1 in the last snort security[4]
 announcement). Since several components have changed in snort 1.9.1,
 the old snort.conf file and the alerts database need some small
 changes in order to work with this new version. Instructions about
 how to smoothly upgrade from 1.8.4b1 are available in the package
 documentation and in our last snort security announcement[4],
 released on 04/04/2003.

SOLUTION
 All snort users should upgrade.

REFERENCES:
 1. http://www.coresecurity.com/common/showdoc.php?idx=313&idxseccion=10
 2. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0209
 3. http://sourceforge.net/mailarchive/message.php?msg_id=4457321
 4. http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000613

UPDATED PACKAGES
 ftp://atualizacoes.conectiva.com.br/8/RPMS/snort-1.9.1-1U80_3cl.i386.rpm
 ftp://atualizacoes.conectiva.com.br/8/SRPMS/snort-1.9.1-1U80_3cl.src.rpm
 ftp://atualizacoes.conectiva.com.br/9/RPMS/snort-1.9.1-27951U90_2cl.i386.rpm
 ftp://atualizacoes.conectiva.com.br/9/SRPMS/snort-1.9.1-27951U90_2cl.src.rpm

ADDITIONAL INSTRUCTIONS
 The apt tool can be used to perform RPM package upgrades:

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions regarding the use of apt and upgrade examples
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
Copyright (c) 2003 Conectiva Inc.
http://www.conectiva.com

- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+uFdH42jd0JmAcZARArwgAKDE+fRKY03JkA3kDE3az3gEcUm5LgCg3KLt
llQNn3eE5epnkGnwvflmFL0=
=1oGg
-----END PGP SIGNATURE-----



Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds