Overview
The Snort "stream4" preprocessor module contains a vulnerability that allows remote attackers to execute arbitrary code with the privileges of the user running Snort, typically root.
Description
Researchers at CORE Security Technologies have discovered a remotely exploitable heap overflow in the Snort "stream4" preprocessor module. This module allows Snort to reassemble TCP packet fragments for further analysis. http://www.coresecurity.com/common/showdoc.php?idx=313&idxseccion=10 |
Impact
This vulnerability allows remote attackers to execute arbitrary code with the privileges of the user running Snort, typically root. Please note that it is not necessary for the attacker to know the IP address of the Snort device they wish to attack; merely sending malicious traffic where it can be observed by an affected Snort sensor is sufficient to exploit these vulnerabilities. |
Solution
Upgrade to Snort 2.0 |
Disable the "stream4" preprocessor module preprocessor stream4_reassemble |
Vendor Information
Debian Affected
Notified: April 16, 2003 Updated: May 19, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 297-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
May 1st, 2003 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : snort
Vulnerability : integer overflow, buffer overflow
Problem-Type : remote
Debian-specific: no
CVE Ids : CAN-2003-0033 CAN-2003-0209
CERT advisories: VU#139129 VU#916785
Bugtraq Ids : 7178 6963
Two vulnerabilities have been discoverd in Snort, a popular network
intrusion detection system. Snort comes with modules and plugins that
perform a variety of functions such as protocol analysis. The
following issues have been identified:
Heap overflow in Snort "stream4" preprocessor
(VU#139129, CAN-2003-0209, Bugtraq Id 7178)
Researchers at CORE Security Technologies have discovered a
remotely exploitable inteter overflow that results in overwriting
the heap in the "stream4" preprocessor module. This module allows
Snort to reassemble TCP packet fragments for further analysis. An
attacker could insert arbitrary code that would be executed as
the user running Snort, probably root.
Buffer overflow in Snort RPC preprocessor
(VU#916785, CAN-2003-0033, Bugtraq Id 6963)
Researchers at Internet Security Systems X-Force have discovered a
remotely exploitable buffer overflow in the Snort RPC preprocessor
module. Snort incorrectly checks the lengths of what is being
normalized against the current packet size. An attacker could
exploit this to execute arbitrary code under the privileges of the
Snort process, probably root.
For the stable distribution (woody) these problems have been fixed in
version 1.8.4beta1-3.1.
The old stable distribution (potato) is not affected by these problems
since it doesn't contain the problematic code.
For the unstable distribution (sid) these problems have been fixed in
version 2.0.0-1.
We recommend that you upgrade your snort package immediately.
You are also advised to upgrade to the most recent version of Snort,
since Snort, as any intrusion detection system, is rather useless if
it is based on old and out-dated data and not kept up to date. Such
installations would be unable to detect intrusions using modern
methods. The current version of Snort is 2.0.0, while the version in
the stable distribution (1.8) is quite old and the one in the old
stable distribution is beyond hope.
Since Debian does not update arbitrary packages in stable releases,
even Snort is not going to see updates other than to fix security
problems, you are advised to upgrade to the most recent version from
third party sources.
The Debian maintainer for Snort provides backported up-to-date
packages for woody (stable) and potato (oldstable) for cases where you
cannot upgrade your entire system. These packages are untested,
though and only exist for the i386 architecture:
deb http://people.debian.org/~ssmeenk/snort-stable-i386/ ./
deb-src http://people.debian.org/~ssmeenk/snort-stable-i386/ ./
deb http://people.debian.org/~ssmeenk/snort-oldstable-i386/ ./
deb-src http://people.debian.org/~ssmeenk/snort-oldstable-i386/ ./
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1.dsc
Size/MD5 checksum: 681 2186ab4fe2efad905f07fb9522f04597
http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1.diff.gz
Size/MD5 checksum: 67265 1f8ea5bc8a842626a30a2fb693398a16
http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1.orig.tar.gz
Size/MD5 checksum: 1718574 80201d9c4e33af5e0b56121e4f9f7f7b
Architecture independent components:
http://security.debian.org/pool/updates/main/s/snort/snort-doc_1.8.4beta1-3.1_all.deb
Size/MD5 checksum: 344358 5d15c2a2ffc2e085a4dacfc8226ba336
http://security.debian.org/pool/updates/main/s/snort/snort-rules-default_1.8.4beta1-3.1_all.deb
Size/MD5 checksum: 59674 76c3416b6a5e97c4b82e984255ee62a6
Alpha architecture:
http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_alpha.deb
Size/MD5 checksum: 218862 e289d2ac6a97c3c729575af2608d62da
http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_alpha.deb
Size/MD5 checksum: 35798 7d1a116fc1c00006914e48019ba68a4b
http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_alpha.deb
Size/MD5 checksum: 222492 589db8d591013c098a4d51981464b21e
ARM architecture:
http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_arm.deb
Size/MD5 checksum: 178156 f37eb2c6b75176be30aaae92cfd699ea
http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_arm.deb
Size/MD5 checksum: 35820 4977d033364e56ec0d66266918b5ddfb
http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_arm.deb
Size/MD5 checksum: 181128 d7d40fc33fd3e51b54e4293ed7617c70
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_i386.deb
Size/MD5 checksum: 162048 f26f7562fae5f8761834d4cabe3ed17c
http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_i386.deb
Size/MD5 checksum: 35802 548afa7fde8557dcd40bf235f38074dc
http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_i386.deb
Size/MD5 checksum: 165354 911fd22a147390c8cf5d4694b4e2b18b
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_ia64.deb
Size/MD5 checksum: 271778 12be6ab4ac58909148a8c9625ebefb99
http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_ia64.deb
Size/MD5 checksum: 35798 57f0772e114cc1130c5c2639fc64be71
http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_ia64.deb
Size/MD5 checksum: 275284 a8489c8f41fa49d532c0afa67928ee61
HP Precision architecture:
http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_hppa.deb
Size/MD5 checksum: 201916 91c8ee56127b14c92736d7d418bc05ca
http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_hppa.deb
Size/MD5 checksum: 35816 a5718f767ebc93178eb820dc5a190579
http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_hppa.deb
Size/MD5 checksum: 205334 00eb158e0b034dbb6e16e42223f5855b
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_m68k.deb
Size/MD5 checksum: 150320 3c205732845c14274bd9d8520f8ba806
http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_m68k.deb
Size/MD5 checksum: 35850 3b8e1da42a9c796a0ecf74f1e7ca2ac1
http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_m68k.deb
Size/MD5 checksum: 153552 f97f6f155c93f042f01a9f2e40aff91d
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_mips.deb
Size/MD5 checksum: 198172 75e4fef830c00e952f05cf4139bc264f
http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_mips.deb
Size/MD5 checksum: 35822 aadad43bcef00f74acc754302e3557fc
http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_mips.deb
Size/MD5 checksum: 201404 9fa10daa290890849df6762b66825024
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_mipsel.deb
Size/MD5 checksum: 199732 040b188aeb253aa4ec4a6903c3f6f792
http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_mipsel.deb
Size/MD5 checksum: 35818 467f455bb8b2c59630470417673e9856
http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_mipsel.deb
Size/MD5 checksum: 202972 755df8c2d9b7e2bc01fec9a0b2259f4d
PowerPC architecture:
http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_powerpc.deb
Size/MD5 checksum: 174508 3b5d1ebec2d40949e49746b4365c0a81
http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_powerpc.deb
Size/MD5 checksum: 35804 60575d5c1998634b6bb3d2a9696f95c6
http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_powerpc.deb
Size/MD5 checksum: 177562 c8cdeaab4e7c41c01a435933103fe6dd
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_s390.deb
Size/MD5 checksum: 173002 ff71b2925e1020c278d7d33eed8f8e6d
http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_s390.deb
Size/MD5 checksum: 35794 5207eb80204af25cdbd77dca4b6cc09e
http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_s390.deb
Size/MD5 checksum: 176296 2cc04f18ee550e4595e1680b43c2bf3e
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_sparc.deb
Size/MD5 checksum: 176202 6f1325e6c45e06d3f769b18a9ce98274
http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_sparc.deb
Size/MD5 checksum: 35806 91ada09e5b9386b803184417ecbd953c
http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_sparc.deb
Size/MD5 checksum: 179444 deb6b8580ef04cabecfec3972f4519dd
These files will probably be moved into the stable distribution on
its next revision.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+sR1ZW5ql+IAeqTIRApAdAKC1eQYjEpX7v5t4fdBeDh7CK5y6awCfdUpd
YqHF6Rz3zXbDFPWbU5uuPac=
=EfYw
-----END PGP SIGNATURE-----
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Gentoo Linux Affected
Notified: April 22, 2003 Updated: May 19, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200304-06
- - - ---------------------------------------------------------------------
PACKAGE : snort
SUMMARY : Multiple Vulnerabilities in Snort Preprocessors
DATE : 2003-04-28 07:07 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <snort-2.0.0
FIXED VERSION : >=snort-2.0.0
CVE : CAN-2003-0209 CAN-2003-0033
- - - ---------------------------------------------------------------------
New (and correct) ID and updated CVE link.
- - From advisories:
"The Sourcefire Vulnerability Research Team has learned of an integer overflow
in the Snort stream4 preprocessor used by the Sourcefire Network Sensor
product line. The Snort stream4 preprocessor (spp_stream4) incorrectly
calculates segment size parameters during stream reassembly for certain
sequence number ranges which can lead to an integer overflow that can be
expanded to a heap overflow.
The Snort stream4 flaw may lead to a denial of service (DoS) attack or
remote command execution on a host running Snort. This attack can be launched
by crafting TCP stream packets and transmitting them over a network segment
that is being monitored by a vulnerable Snort implementation. In its
default configuration, certain versions of snort are vulnerable to this
attack, as is the default configuration of the Snort IDS."
"Remote attackers may exploit the buffer overflow condition to run
arbitrary code on a Snort sensor with the privileges of the Snort IDS
process, which typically runs as the superuser. The vulnerable
preprocessor is enabled by default. It is not necessary to establish an
actual connection to a RPC portmapper service to exploit this
vulnerability."
Read the full advisories at:
http://www.coresecurity.com/common/showdoc.php?idx=313&idxseccion=10
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951
http://www.snort.org/advisories/snort-2003-04-16-1.txt
SOLUTION
It is recommended that all Gentoo Linux users who are running
net-analyzer/snort upgrade to snort-2.0.0 as follows:
emerge sync
emerge snort
emerge clean
- - - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+rNNLfT7nyhUpoZMRAk3cAJ41kN/5iZoa3IOtmoTwP+E7JRZZdACdFiE6
c8JLrnnQbuVE2ASytyK0N48=
=V4iq
-----END PGP SIGNATURE-----
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Guardian Digital Inc. Affected
Notified: April 16, 2003 Updated: May 19, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
+------------------------------------------------------------------------+
| Guardian Digital Security Advisory April 30, 2003 |
| http://www.guardiandigital.com ESA-20030430-013 |
| |
| Package: snort |
| Summary: stream4 preprocessor integer overflow vulnerability |
+------------------------------------------------------------------------+
EnGarde Secure Linux is an enterprise class Linux platform engineered
to enable corporations to quickly and cost-effectively build a complete
and secure Internet presence while preventing Internet threats.
OVERVIEW
- --------
There is an integer overflow vulnerability in the stream4 preprocessor
of the Snort IDS system.
Guardian Digital products affected by this issue include:
EnGarde Secure Community v1.0.1
EnGarde Secure Community 2
EnGarde Secure Professional v1.1
EnGarde Secure Professional v1.2
EnGarde Secure Professional v1.5
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0209 to this issue.
It is recommended that all users apply this update as soon as possible.
SOLUTION
- --------
Guardian Digital Secure Network subscribers may automatically update
affected systems by accessing their account from within the Guardian
Digital WebTool.
To modify your GDSN account and contact preferences, please go to:
https://www.guardiandigital.com/account/
Below are MD5 sums for the updated EnGarde Secure Linux 1.0.1 packages:
SRPMS/snort-2.0.0-1.0.10.src.rpm
MD5 Sum: e4dea6592038fa6e487607c1d1adbba4
i386/snort-2.0.0-1.0.10.i386.rpm
MD5 Sum: e530e2b93853e1082dec8de4f494e95a
i686/snort-2.0.0-1.0.10.i686.rpm
MD5 Sum: 3d0770923eedd9d28484984e13a23260
REFERENCES
- ----------
Guardian Digital's public key:
http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY
Snort's Official Web Site:
http://www.snort.org/
Guardian Digital Advisories:
http://infocenter.guardiandigital.com/advisories/
Security Contact: security@guardiandigital.com
- --------------------------------------------------------------------------
Author: Ryan W. Maple <ryan@guardiandigital.com>
Copyright 2003, Guardian Digital, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE+sAc2HD5cqd57fu0RAuO6AJ4goWYfOXpM+04wblcHcJ8xQsKe3gCcCmaB
6+6LpMQDs0jKX5xSbtXEyMI=
=Froi
-----END PGP SIGNATURE-----
If you have feedback, comments, or additional information about this vulnerability, please send us email.
MandrakeSoft Affected
Notified: April 16, 2003 Updated: May 19, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
Mandrake Linux Security Update Advisory
________________________________________________________________________
Package name: snort
Advisory ID: MDKSA-2003:052
Date: April 28th, 2003
Affected versions:8.2, 9.0, 9.1, Corporate Server 2.1,
Multi Network Firewall 8.2
________________________________________________________________________
Problem Description:
An integer overflow was discovered in the Snort stream4 preprocessor
by the Sourcefire Vulnerability Research Team. This preprocessor
(spp_stream4) incorrectly calculates segment size parameters during
stream reassembly for certainm sequence number ranges. This can
lead to an integer overflow that can in turn lead to a heap overflow
that can be exploited to perform a denial of service (DoS) or even
remote command excution on the host running Snort.
Disabling the stream4 preprocessor will make Snort invulnerable to
this attack, and the flaw has been fixed upstream in Snort version
2.0. Snort versions 1.8 through 1.9.1 are vulnerable.
________________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0209
http://www.snort.org/advisories/snort-2003-04-16-1.txt
________________________________________________________________________
Updated Packages:
Corporate Server 2.1:
97c817bc7ddb5e1a89f4479668cf59f0 corporate/2.1/RPMS/snort-2.0.0-2.1mdk.i586.rpm
ca9dec4bc5ba46f80a0724f6e0f5a138 corporate/2.1/RPMS/snort-bloat-2.0.0-2.1mdk.i586.rpm
0262bcb71eea556cbee8c421e4ad1511 corporate/2.1/RPMS/snort-mysql+flexresp-2.0.0-2.1mdk.i586.rpm
8dd41f46553707dc3adc6a82855df2ba corporate/2.1/RPMS/snort-mysql-2.0.0-2.1mdk.i586.rpm
46ad883dad9f77ce6d978171eb03de67 corporate/2.1/RPMS/snort-plain+flexresp-2.0.0-2.1mdk.i586.rpm
3dd354f0c849c9765451b51fa93a0b4e corporate/2.1/RPMS/snort-postgresql+flexresp-2.0.0-2.1mdk.i586.rpm
8735c537e40937a7b3ae3f3c38d55162 corporate/2.1/RPMS/snort-postgresql-2.0.0-2.1mdk.i586.rpm
73a866acec5d6e1abdde902d0d893968 corporate/2.1/RPMS/snort-snmp+flexresp-2.0.0-2.1mdk.i586.rpm
cc0a606a5409213934b0c06fe2d44433 corporate/2.1/RPMS/snort-snmp-2.0.0-2.1mdk.i586.rpm
2efb9950c70248f94b561f76bef88181 corporate/2.1/SRPMS/snort-2.0.0-2.1mdk.src.rpm
Mandrake Linux 8.2:
a4514c067f2409606fe7706a35d8f3f7 8.2/RPMS/snort-2.0.0-2.1mdk.i586.rpm
5c2f61da6ce991e630a23dffbeee2814 8.2/RPMS/snort-bloat-2.0.0-2.1mdk.i586.rpm
242237fafcc77f29b9b6cdc71db27cdc 8.2/RPMS/snort-mysql+flexresp-2.0.0-2.1mdk.i586.rpm
75a9dc76a726e93e1876c35d7eafa543 8.2/RPMS/snort-mysql-2.0.0-2.1mdk.i586.rpm
9230a8bf2966eda057b4903edb2e6e8c 8.2/RPMS/snort-plain+flexresp-2.0.0-2.1mdk.i586.rpm
08efb60f8fa7f117903f3267e92c1937 8.2/RPMS/snort-postgresql+flexresp-2.0.0-2.1mdk.i586.rpm
a993826c9b4a74cfde1a36f3b209c3a9 8.2/RPMS/snort-postgresql-2.0.0-2.1mdk.i586.rpm
9700de212e797fb49d59859bd0faeef8 8.2/RPMS/snort-snmp+flexresp-2.0.0-2.1mdk.i586.rpm
781cafab6d9ca1e7de0d53a9f0a6ad20 8.2/RPMS/snort-snmp-2.0.0-2.1mdk.i586.rpm
2efb9950c70248f94b561f76bef88181 8.2/SRPMS/snort-2.0.0-2.1mdk.src.rpm
Mandrake Linux 8.2/PPC:
2961264210fb026e70c76bc20db4a109 ppc/8.2/RPMS/snort-2.0.0-2.1mdk.ppc.rpm
4efd69038a64483af014ed3da0bda40e ppc/8.2/RPMS/snort-bloat-2.0.0-2.1mdk.ppc.rpm
1618da9f7f393f384f2fa3620d5756ab ppc/8.2/RPMS/snort-mysql+flexresp-2.0.0-2.1mdk.ppc.rpm
26772c8ca76f47d33d75a2bae9c4b030 ppc/8.2/RPMS/snort-mysql-2.0.0-2.1mdk.ppc.rpm
1954dd955a26e4fafe053e1ed418fe7f ppc/8.2/RPMS/snort-plain+flexresp-2.0.0-2.1mdk.ppc.rpm
84f600f2013d88faecc4a19613a16cf2 ppc/8.2/RPMS/snort-postgresql+flexresp-2.0.0-2.1mdk.ppc.rpm
a32214c7f3ab03681956054f61d4071f ppc/8.2/RPMS/snort-postgresql-2.0.0-2.1mdk.ppc.rpm
76b030fb690c654ff008ee0d2bfdee95 ppc/8.2/RPMS/snort-snmp+flexresp-2.0.0-2.1mdk.ppc.rpm
d365692eb1fd386fb9f1fb4b87973f2a ppc/8.2/RPMS/snort-snmp-2.0.0-2.1mdk.ppc.rpm
2efb9950c70248f94b561f76bef88181 ppc/8.2/SRPMS/snort-2.0.0-2.1mdk.src.rpm
Mandrake Linux 9.0:
97c817bc7ddb5e1a89f4479668cf59f0 9.0/RPMS/snort-2.0.0-2.1mdk.i586.rpm
ca9dec4bc5ba46f80a0724f6e0f5a138 9.0/RPMS/snort-bloat-2.0.0-2.1mdk.i586.rpm
0262bcb71eea556cbee8c421e4ad1511 9.0/RPMS/snort-mysql+flexresp-2.0.0-2.1mdk.i586.rpm
8dd41f46553707dc3adc6a82855df2ba 9.0/RPMS/snort-mysql-2.0.0-2.1mdk.i586.rpm
46ad883dad9f77ce6d978171eb03de67 9.0/RPMS/snort-plain+flexresp-2.0.0-2.1mdk.i586.rpm
3dd354f0c849c9765451b51fa93a0b4e 9.0/RPMS/snort-postgresql+flexresp-2.0.0-2.1mdk.i586.rpm
8735c537e40937a7b3ae3f3c38d55162 9.0/RPMS/snort-postgresql-2.0.0-2.1mdk.i586.rpm
73a866acec5d6e1abdde902d0d893968 9.0/RPMS/snort-snmp+flexresp-2.0.0-2.1mdk.i586.rpm
cc0a606a5409213934b0c06fe2d44433 9.0/RPMS/snort-snmp-2.0.0-2.1mdk.i586.rpm
2efb9950c70248f94b561f76bef88181 9.0/SRPMS/snort-2.0.0-2.1mdk.src.rpm
Mandrake Linux 9.1:
3436f5a3ec275a9e8d38b32a3e885b20 9.1/RPMS/snort-2.0.0-2.1mdk.i586.rpm
c63d4e80b2b69dc8469a401d62e65de2 9.1/RPMS/snort-bloat-2.0.0-2.1mdk.i586.rpm
0e12b7b79706198f6351c1d55d6c29a6 9.1/RPMS/snort-mysql+flexresp-2.0.0-2.1mdk.i586.rpm
501bbbcfb86e0dbc5a1450f97d5df972 9.1/RPMS/snort-mysql-2.0.0-2.1mdk.i586.rpm
b4151478633c30590a605e8fe110852e 9.1/RPMS/snort-plain+flexresp-2.0.0-2.1mdk.i586.rpm
7f58e498e92d7b32bfa6c4b7a85c36c1 9.1/RPMS/snort-postgresql+flexresp-2.0.0-2.1mdk.i586.rpm
b576a20571664d450504b3a51aae0417 9.1/RPMS/snort-postgresql-2.0.0-2.1mdk.i586.rpm
76cb1fc010b384ef5ba0c236d85ce6e5 9.1/RPMS/snort-snmp+flexresp-2.0.0-2.1mdk.i586.rpm
fca545c28a94eaabc6f10d7528d0e82c 9.1/RPMS/snort-snmp-2.0.0-2.1mdk.i586.rpm
2efb9950c70248f94b561f76bef88181 9.1/SRPMS/snort-2.0.0-2.1mdk.src.rpm
Mandrake Linux 9.1/PPC:
6fedffede24c0334a8eeb858a826482f ppc/9.1/RPMS/snort-2.0.0-2.1mdk.ppc.rpm
753051524999ae9f082e124bfc949ec2 ppc/9.1/RPMS/snort-bloat-2.0.0-2.1mdk.ppc.rpm
905246e8240c13006760bbd56c0fbe9b ppc/9.1/RPMS/snort-mysql+flexresp-2.0.0-2.1mdk.ppc.rpm
b8adb28a28341780014339e9cd1f4b8a ppc/9.1/RPMS/snort-mysql-2.0.0-2.1mdk.ppc.rpm
d1537b80ce0d15e290d129edf9b6f02e ppc/9.1/RPMS/snort-plain+flexresp-2.0.0-2.1mdk.ppc.rpm
16b0bbbc4729f8fdaf7d0554b45cd0e5 ppc/9.1/RPMS/snort-postgresql+flexresp-2.0.0-2.1mdk.ppc.rpm
972676cf613c1d1313a6bf68d7f9f0d6 ppc/9.1/RPMS/snort-postgresql-2.0.0-2.1mdk.ppc.rpm
7c79443a574b81db3345bac3c11c2f16 ppc/9.1/RPMS/snort-snmp+flexresp-2.0.0-2.1mdk.ppc.rpm
4df4eef406078666a682a01935975678 ppc/9.1/RPMS/snort-snmp-2.0.0-2.1mdk.ppc.rpm
2efb9950c70248f94b561f76bef88181 ppc/9.1/SRPMS/snort-2.0.0-2.1mdk.src.rpm
Multi Network Firewall 8.2:
a4514c067f2409606fe7706a35d8f3f7 mnf8.2/RPMS/snort-2.0.0-2.1mdk.i586.rpm
2efb9950c70248f94b561f76bef88181 mnf8.2/SRPMS/snort-2.0.0-2.1mdk.src.rpm
________________________________________________________________________
Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
________________________________________________________________________
To upgrade automatically, use MandrakeUpdate. The verification of md5
checksums and GPG signatures is performed automatically for you.
If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". A list of
FTP mirrors can be obtained from:
http://www.mandrakesecure.net/en/ftp.php
Please verify the update prior to upgrading to ensure the integrity of
the downloaded package. You can do this with the command:
rpm --checksig <filename>
All packages are signed by MandrakeSoft for security. You can obtain
the GPG public key of the Mandrake Linux Security Team from:
https://www.mandrakesecure.net/RPM-GPG-KEYS
Please be aware that sometimes it takes the mirrors a few hours to
update.
You can view other update advisories for Mandrake Linux at:
http://www.mandrakesecure.net/en/advisories/
MandrakeSoft has several security-related mailing list services that
anyone can subscribe to. Information on these lists can be obtained by
visiting:
http://www.mandrakesecure.net/en/mlist.php
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.7 (GNU/Linux)
mQGiBDlp594RBAC2tDozI3ZgQsE7XwxurJCJrX0L5vx7SDByR5GHDdWekGhdiday
L4nfUax+SeR9SCoCgTgPW1xB8vtQc8/sinJlMjp9197a2iKM0FOcPlkpa3HcOdt7
WKJqQhlMrHvRcsivzcgqjH44GBBJIT6sygUF8k0lU6YnMHj5MPc/NGWt8wCg9vKo
P0l5QVAFSsHtqcU9W8cc7wMEAJzQsAlnvPXDBfBLEH6u7ptWFdp0GvbSuG2wRaPl
hynHvRiE01ZvwbJZXsPsKm1z7uVoW+NknKLunWKB5axrNXDHxCYJBzY3jTeFjsqx
PFZkIEAQphLTkeXXelAjQ5u9tEshPswEtMvJvUgNiAfbzHfPYmq8D6x5xOw1IySg
2e/LBACxr2UJYCCB2BZ3p508mAB0RpuLGukq+7UWiOizy+kSskIBg2O7sQkVY/Cs
iyGEo4XvXqZFMY39RBdfm2GY+WB/5NFiTOYJRKjfprP6K1YbtsmctsX8dG+foKsD
LLFs7OuVfaydLQYp1iiN6D+LJDSMPM8/LCWzZsgr9EKJ8NXiyrQ6TGludXggTWFu
ZHJha2UgU2VjdXJpdHkgVGVhbSA8c2VjdXJpdHlAbGludXgtbWFuZHJha2UuY29t
PohWBBMRAgAWBQI5aefeBAsKBAMDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmK6LAKCy
/NInDsaMSI+WHwrquwC5PZrcnQCeI+v3gUDsNfQfiKBvQSANu1hdulqIRgQQEQIA
BgUCOtNVGQAKCRBZ5w3um0pAJJWQAKDUoL5He+mKbfrMaTuyU5lmRyJ0fwCgoFAP
WdvQlu/kFjphF740XeOwtOqIRgQQEQIABgUCOu8A6QAKCRBynDnb9lq3CnpjAJ4w
Pk0SEE9U4r40IxWpwLU+wrWVugCdFfSPllPpZRCiaC7HwbFcfExRmPaIRgQQEQIA
BgUCPI+UAwAKCRDniYrgcHcf8xK5AKCm/Mq8qP8GE0o1hEX22QsJMZwH5gCfZ72H
8TacOb3oAmBdprf+K6gkdOiIRgQQEQIABgUCOtOieAAKCRCv2bZyU0yB80MeAJ9K
+jXt0cKuaUonRU+CRGetk6t9dgCfTRRL6/puOKdD6md70+K5EBBSvsG0OE1hbmRy
YWtlIExpbnV4IFNlY3VyaXR5IFRlYW0gPHNlY3VyaXR5QG1hbmRyYWtlc29mdC5j
b20+iFcEExECABcFAjyPnuUFCwcKAwQDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmFi+
AJsHhohgnU3ik4+gy3EdFlB2i/MBoACg6lHn5cnVvTcmgNccWxeNxLLZI5e5AQ0E
OWnn7xAEAOQlTVY4TiNo5V/iP0J1xnqjqlqZsU7yEBKo/gZz6/+hx75RURe1ebiJ
9F779FQbpJ9Epz1KLSXvq974rnVb813zuGdmgFyk+ryA/rTR2RQ8h+EoNkwmATzR
xBXVJb57fFQjxOu4eNjZAtfII/YXb0uyXXrdr5dlJ/3eXrcO4p0XAAMFBACCxo6Z
269s+A4v8C6Ui12aarOQcCDlV8cVG9LkyatU3FNTlnasqwo6EkaP572448weJWwN
6SCXVl+xOYLiK0hL/6Jb/O9Agw75yUVdk+RMM2I4fNEi+y4hmfMh2siBv8yEkEvZ
jTcl3TpkTfzYky85tu433wmKaLFOv0WjBFSikohGBBgRAgAGBQI5aefvAAoJEJqo
0NAiRYqYid0AoJgeWzXrEdIClBOSW5Q6FzqJJyaqAKC0Y9YI3UFlE4zSIGjcFlLJ
EJGXlA==
=yGlX
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE+rc7gmqjQ0CJFipgRAiufAJ0Wa5bQdmAunHSUUw+z2CYm4vAUbACcCJfl
2WSQOdFu39Whu+U8sPBFXtE=
=py2r
-----END PGP SIGNATURE-----
If you have feedback, comments, or additional information about this vulnerability, please send us email.
SmoothWall Affected
Notified: April 17, 2003 Updated: April 21, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The SmoothWall firewall is affected by this vulnerability; for more information, please see
http://www.smoothwall.org/beta/bugs/mallard-006.html
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Snort Affected
Notified: April 16, 2003 Updated: April 17, 2003
Status
Affected
Vendor Statement
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Snort(TM) Advisory: Integer Overflow in Stream4
Date: April 16, 2003
Affected Versions:
All versions of the following products are affected:
* Snort 1.8 through 1.9.1
* Snort CVS - current branch up to version 2.0.0 beta
Synopsis:
The Sourcefire Vulnerability Research Team has learned of an integer overflow
in the Snort stream4 preprocessor used by the Sourcefire Network Sensor
product line. The Snort stream4 preprocessor (spp_stream4) incorrectly
calculates segment size parameters during stream reassembly for certain
sequence number ranges which can lead to an integer overflow that can be
expanded to a heap overflow.
The Snort stream4 flaw may lead to a denial of service (DoS) attack or
remote command execution on a host running Snort. This attack can be launched
by crafting TCP stream packets and transmitting them over a network segment
that is being monitored by a vulnerable Snort implementation. In its
default configuration, certain versions of snort are vulnerable to this
attack, as is the default configuration of the Snort IDS.
Disabling the stream4 preprocessor will make the snort invulnerable to the
attack.
To disable the stream4 preprocessor, edit snort.conf and replace any lines
that begin with "preprocessor stream4" with "# preprocessor stream4"
NOTE: Disabling the stream4 preprocessor disables stateful inspection and
stream reassembly and could allow someone to evade snort using tcp stream
segmentation attacks.
Patches:
Snort 2.0 has been released and corrects this vulnerability.
(C) 2003 Sourcefire, Inc. All rights reserved.
Sourcefire and Snort are trademarks or registered trademarks of Sourcefire, INC.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+nadjavJ5BgQ0p28RAi8FAKCviv78UU8V2k+smfZU875Lcrhb9gCfQIXK
CuzzM4EKTvbvkvo+wL47YYM=
=u1yD
-----END PGP SIGNATURE-----
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Snort has released version 2.0 to address this vulnerability. This version is available at
http://www.snort.org/dl/snort-2.0.0.tar.gz
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Apple Computer Inc. Not Affected
Notified: April 16, 2003 Updated: April 17, 2003
Status
Not Affected
Vendor Statement
Snort is not shipped with Mac OS X or Mac OS X Server.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Conectiva Not Affected
Notified: April 16, 2003 Updated: May 19, 2003
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------
PACKAGE : snort
SUMMARY : Vulnerability in the stream4 preprocessor
DATE : 2003-05-06 21:44:00
ID : CLA-2003:642
RELEVANT
RELEASES : 8, 9
- -------------------------------------------------------------------------
DESCRIPTION
Snort is an Open Source Network Intrusion Detection System (NIDS).
Core Security has discovered[1] a remotely exploitable integer
overflow vulnerability in Snort. It resides in the stream4
preprocessor, which is responsible for normalizing TCP traffic before
its analysis by the rules processor.
A remote attacker able to insert specially crafted TCP traffic in the
network being monitored by snort may crash the sensor or execute
arbitrary code in its context, which is run by the root user.
The Common Vulnerabilities and Exposures (CVE) project has assigned
the name CAN-2003-0209 to this issue[2].
Since the stream4 preprocessor is present only in snort versions >=
1.8, users of Conectiva Linux versions 6.0 and 7.0 are not vulnerable
to this attack.
Additionally, a preventive fix for a possible problem with the use of
the memcpy() function in the frag2 preprocessor code was added[3].
IMPORTANT: Please note that this update includes snort 1.9.1. The
snort version originally distributed with Conectiva Linux 8 was
1.8.4b1 (already updated to 1.9.1 in the last snort security[4]
announcement). Since several components have changed in snort 1.9.1,
the old snort.conf file and the alerts database need some small
changes in order to work with this new version. Instructions about
how to smoothly upgrade from 1.8.4b1 are available in the package
documentation and in our last snort security announcement[4],
released on 04/04/2003.
SOLUTION
All snort users should upgrade.
REFERENCES:
1.http://www.coresecurity.com/common/showdoc.php?idx=313&idxseccion=10
2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0209
3.http://sourceforge.net/mailarchive/message.php?msg_id=4457321
4.http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000613
UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/8/RPMS/snort-1.9.1-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/snort-1.9.1-1U80_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/snort-1.9.1-27951U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/snort-1.9.1-27951U90_2cl.src.rpm
ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions reagarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en
- -------------------------------------------------------------------------
Copyright (c) 2003 Conectiva Inc.
http://www.conectiva.com
- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE+uFdH42jd0JmAcZARArwgAKDE+fRKY03JkA3kDE3az3gEcUm5LgCg3KLt
llQNn3eE5epnkGnwvflmFL0=
=1oGg
-----END PGP SIGNATURE-----
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Fujitsu Not Affected
Notified: April 16, 2003 Updated: May 19, 2003
Status
Not Affected
Vendor Statement
Fujitsu's UXP/V o.s. is not affected by the problem in VU#139129 and [VU#]916785 because it does not support the Snort.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Ingrian Networks Not Affected
Notified: April 16, 2003 Updated: April 17, 2003
Status
Not Affected
Vendor Statement
Ingrian Networks products are not susceptible to VU#139129 and VU#916785 since they do not use Snort.
Ingrian customers who are using the IDS Extender Service Engine to mirror cleartext data to a Snort-based IDS should upgrade their IDS software.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
NetBSD Not Affected
Notified: April 16, 2003 Updated: April 17, 2003
Status
Not Affected
Vendor Statement
NetBSD does not include snort in the base system.
Snort is available from the 3rd party software system, pkgsrc. Users who have installed net/snort, net/snort-mysql or net/snort-pgsql should update to a fixed version. pkgsrc/security/audit-packages can be used to keep up to date with these types of issues.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Red Hat Inc. Not Affected
Notified: April 16, 2003 Updated: April 17, 2003
Status
Not Affected
Vendor Statement
Red Hat does not ship Snort in any of our supported products.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
SGI Not Affected
Notified: April 16, 2003 Updated: April 17, 2003
Status
Not Affected
Vendor Statement
SGI does not ship snort as part of IRIX.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
BSDI Unknown
Notified: April 16, 2003 Updated: April 17, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Cray Inc. Unknown
Notified: April 16, 2003 Updated: April 17, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Data General Unknown
Notified: April 16, 2003 Updated: April 17, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
FreeBSD Unknown
Notified: April 16, 2003 Updated: April 17, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Hewlett-Packard Company Unknown
Notified: April 16, 2003 Updated: April 17, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
IBM Unknown
Notified: April 16, 2003 Updated: April 17, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
MontaVista Software Unknown
Notified: April 16, 2003 Updated: April 17, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
NEC Corporation Unknown
Notified: April 16, 2003 Updated: April 17, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Nokia Unknown
Notified: April 16, 2003 Updated: April 17, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
OpenBSD Unknown
Notified: April 16, 2003 Updated: April 17, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Openwall GNU/*/Linux Unknown
Notified: April 16, 2003 Updated: April 17, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Sequent Unknown
Notified: April 16, 2003 Updated: April 17, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Sony Corporation Unknown
Notified: April 16, 2003 Updated: April 17, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
SuSE Inc. Unknown
Notified: April 16, 2003 Updated: April 17, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Sun Microsystems Inc. Unknown
Notified: April 16, 2003 Updated: April 17, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
The SCO Group (SCO Linux) Unknown
Notified: April 16, 2003 Updated: April 17, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
The SCO Group (SCO UnixWare) Unknown
Notified: April 16, 2003 Updated: April 17, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Unisys Unknown
Notified: April 16, 2003 Updated: April 17, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Wind River Systems Inc. Unknown
Notified: April 16, 2003 Updated: April 17, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Wirex Unknown
Notified: April 16, 2003 Updated: April 17, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was discovered by Bruce Leidl, Juan Pablo Martinez Kuhn, and Alejandro David Weil of Core Security Technologies.
This document was written by Jeffrey P. Lanza.
Other Information
| CVE IDs: | CVE-2003-0209 |
| CERT Advisory: | CA-2003-13 |
| Severity Metric: | 30.99 |
| Date Public: | 2003-04-15 |
| Date First Published: | 2003-04-16 |
| Date Last Updated: | 2003-05-20 01:03 UTC |
| Document Revision: | 22 |