Notified: April 16, 2003 Updated: April 17, 2003
Not Affected
Snort is not shipped with Mac OS X or Mac OS X Server.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 16, 2003 Updated: April 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 16, 2003 Updated: May 19, 2003
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CONECTIVA LINUX SECURITY ANNOUNCEMENT PACKAGE : snort SUMMARY : Vulnerability in the stream4 preprocessor DATE : 2003-05-06 21:44:00 ID : CLA-2003:642 RELEVANT RELEASES : 8, 9 DESCRIPTION Snort is an Open Source Network Intrusion Detection System (NIDS). Core Security has discovered[1] a remotely exploitable integer overflow vulnerability in Snort. It resides in the stream4 preprocessor, which is responsible for normalizing TCP traffic before its analysis by the rules processor. A remote attacker able to insert specially crafted TCP traffic in the network being monitored by snort may crash the sensor or execute arbitrary code in its context, which is run by the root user. The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2003-0209 to this issue[2]. Since the stream4 preprocessor is present only in snort versions >= 1.8, users of Conectiva Linux versions 6.0 and 7.0 are not vulnerable to this attack. Additionally, a preventive fix for a possible problem with the use of the memcpy() function in the frag2 preprocessor code was added[3]. IMPORTANT: Please note that this update includes snort 1.9.1. The snort version originally distributed with Conectiva Linux 8 was 1.8.4b1 (already updated to 1.9.1 in the last snort security[4] announcement). Since several components have changed in snort 1.9.1, the old snort.conf file and the alerts database need some small changes in order to work with this new version. Instructions about how to smoothly upgrade from 1.8.4b1 are available in the package documentation and in our last snort security announcement[4], released on 04/04/2003. SOLUTION All snort users should upgrade. REFERENCES: 1.http://www.coresecurity.com/common/showdoc.php?idx=313&idxseccion=10 2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0209 3.http://sourceforge.net/mailarchive/message.php?msg_id=4457321 4.http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000613 UPDATED PACKAGES ftp://atualizacoes.conectiva.com.br/8/RPMS/snort-1.9.1-1U80_3cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/SRPMS/snort-1.9.1-1U80_3cl.src.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/snort-1.9.1-27951U90_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/SRPMS/snort-1.9.1-27951U90_2cl.src.rpm ADDITIONAL INSTRUCTIONS The apt tool can be used to perform RPM packages upgrades: - run: apt-get update - after that, execute: apt-get upgrade Detailed instructions reagarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at http://distro.conectiva.com.br/seguranca/chave/?idioma=en Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en Copyright (c) 2003 Conectiva Inc. http://www.conectiva.com subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE+uFdH42jd0JmAcZARArwgAKDE+fRKY03JkA3kDE3az3gEcUm5LgCg3KLt llQNn3eE5epnkGnwvflmFL0= =1oGg -----END PGP SIGNATURE-----
Notified: April 16, 2003 Updated: April 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 16, 2003 Updated: April 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 16, 2003 Updated: May 19, 2003
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 Debian Security Advisory DSA 297-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
May 1st, 2003 http://www.debian.org/security/faq Package : snort
Vulnerability : integer overflow, buffer overflow
Problem-Type : remote
Debian-specific: no
CVE Ids : CAN-2003-0033 CAN-2003-0209
CERT advisories: VU#139129 VU#916785
Bugtraq Ids : 7178 6963 Two vulnerabilities have been discoverd in Snort, a popular network
intrusion detection system. Snort comes with modules and plugins that
perform a variety of functions such as protocol analysis. The
following issues have been identified: Heap overflow in Snort "stream4" preprocessor
(VU#139129, CAN-2003-0209, Bugtraq Id 7178) Researchers at CORE Security Technologies have discovered a
remotely exploitable inteter overflow that results in overwriting
the heap in the "stream4" preprocessor module. This module allows
Snort to reassemble TCP packet fragments for further analysis. An
attacker could insert arbitrary code that would be executed as
the user running Snort, probably root. Buffer overflow in Snort RPC preprocessor
(VU#916785, CAN-2003-0033, Bugtraq Id 6963) Researchers at Internet Security Systems X-Force have discovered a
remotely exploitable buffer overflow in the Snort RPC preprocessor
module. Snort incorrectly checks the lengths of what is being
normalized against the current packet size. An attacker could
exploit this to execute arbitrary code under the privileges of the
Snort process, probably root. For the stable distribution (woody) these problems have been fixed in
version 1.8.4beta1-3.1. The old stable distribution (potato) is not affected by these problems
since it doesn't contain the problematic code. For the unstable distribution (sid) these problems have been fixed in
version 2.0.0-1. We recommend that you upgrade your snort package immediately. You are also advised to upgrade to the most recent version of Snort,
since Snort, as any intrusion detection system, is rather useless if
it is based on old and out-dated data and not kept up to date. Such
installations would be unable to detect intrusions using modern
methods. The current version of Snort is 2.0.0, while the version in
the stable distribution (1.8) is quite old and the one in the old
stable distribution is beyond hope. Since Debian does not update arbitrary packages in stable releases,
even Snort is not going to see updates other than to fix security
problems, you are advised to upgrade to the most recent version from
third party sources. The Debian maintainer for Snort provides backported up-to-date
packages for woody (stable) and potato (oldstable) for cases where you
cannot upgrade your entire system. These packages are untested,
though and only exist for the i386 architecture: deb http://people.debian.org/~ssmeenk/snort-stable-i386/ ./
deb-src http://people.debian.org/~ssmeenk/snort-stable-i386/ ./ deb http://people.debian.org/~ssmeenk/snort-oldstable-i386/ ./
deb-src http://people.debian.org/~ssmeenk/snort-oldstable-i386/ ./ Upgrade Instructions wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file. If you are using the apt-get package manager, use the line for
sources.list as given below: apt-get update
will update the internal database
apt-get upgrade
will install corrected packages You may use an automated update by adding the resources from the
footer to the proper configuration. Debian GNU/Linux 3.0 alias woody Source archives: http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1.dsc
Size/MD5 checksum: 681 2186ab4fe2efad905f07fb9522f04597
http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1.diff.gz
Size/MD5 checksum: 67265 1f8ea5bc8a842626a30a2fb693398a16
http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1.orig.tar.gz
Size/MD5 checksum: 1718574 80201d9c4e33af5e0b56121e4f9f7f7b Architecture independent components: http://security.debian.org/pool/updates/main/s/snort/snort-doc_1.8.4beta1-3.1_all.deb
Size/MD5 checksum: 344358 5d15c2a2ffc2e085a4dacfc8226ba336
http://security.debian.org/pool/updates/main/s/snort/snort-rules-default_1.8.4beta1-3.1_all.deb
Size/MD5 checksum: 59674 76c3416b6a5e97c4b82e984255ee62a6 Alpha architecture: http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_alpha.deb
Size/MD5 checksum: 218862 e289d2ac6a97c3c729575af2608d62da
http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_alpha.deb
Size/MD5 checksum: 35798 7d1a116fc1c00006914e48019ba68a4b
http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_alpha.deb
Size/MD5 checksum: 222492 589db8d591013c098a4d51981464b21e ARM architecture: http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_arm.deb
Size/MD5 checksum: 178156 f37eb2c6b75176be30aaae92cfd699ea
http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_arm.deb
Size/MD5 checksum: 35820 4977d033364e56ec0d66266918b5ddfb
http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_arm.deb
Size/MD5 checksum: 181128 d7d40fc33fd3e51b54e4293ed7617c70 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_i386.deb
Size/MD5 checksum: 162048 f26f7562fae5f8761834d4cabe3ed17c
http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_i386.deb
Size/MD5 checksum: 35802 548afa7fde8557dcd40bf235f38074dc
http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_i386.deb
Size/MD5 checksum: 165354 911fd22a147390c8cf5d4694b4e2b18b Intel IA-64 architecture: http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_ia64.deb
Size/MD5 checksum: 271778 12be6ab4ac58909148a8c9625ebefb99
http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_ia64.deb
Size/MD5 checksum: 35798 57f0772e114cc1130c5c2639fc64be71
http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_ia64.deb
Size/MD5 checksum: 275284 a8489c8f41fa49d532c0afa67928ee61 HP Precision architecture: http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_hppa.deb
Size/MD5 checksum: 201916 91c8ee56127b14c92736d7d418bc05ca
http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_hppa.deb
Size/MD5 checksum: 35816 a5718f767ebc93178eb820dc5a190579
http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_hppa.deb
Size/MD5 checksum: 205334 00eb158e0b034dbb6e16e42223f5855b Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_m68k.deb
Size/MD5 checksum: 150320 3c205732845c14274bd9d8520f8ba806
http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_m68k.deb
Size/MD5 checksum: 35850 3b8e1da42a9c796a0ecf74f1e7ca2ac1
http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_m68k.deb
Size/MD5 checksum: 153552 f97f6f155c93f042f01a9f2e40aff91d Big endian MIPS architecture: http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_mips.deb
Size/MD5 checksum: 198172 75e4fef830c00e952f05cf4139bc264f
http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_mips.deb
Size/MD5 checksum: 35822 aadad43bcef00f74acc754302e3557fc
http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_mips.deb
Size/MD5 checksum: 201404 9fa10daa290890849df6762b66825024 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_mipsel.deb
Size/MD5 checksum: 199732 040b188aeb253aa4ec4a6903c3f6f792
http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_mipsel.deb
Size/MD5 checksum: 35818 467f455bb8b2c59630470417673e9856
http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_mipsel.deb
Size/MD5 checksum: 202972 755df8c2d9b7e2bc01fec9a0b2259f4d PowerPC architecture: http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_powerpc.deb
Size/MD5 checksum: 174508 3b5d1ebec2d40949e49746b4365c0a81
http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_powerpc.deb
Size/MD5 checksum: 35804 60575d5c1998634b6bb3d2a9696f95c6
http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_powerpc.deb
Size/MD5 checksum: 177562 c8cdeaab4e7c41c01a435933103fe6dd IBM S/390 architecture: http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_s390.deb
Size/MD5 checksum: 173002 ff71b2925e1020c278d7d33eed8f8e6d
http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_s390.deb
Size/MD5 checksum: 35794 5207eb80204af25cdbd77dca4b6cc09e
http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_s390.deb
Size/MD5 checksum: 176296 2cc04f18ee550e4595e1680b43c2bf3e Sun Sparc architecture: http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_sparc.deb
Size/MD5 checksum: 176202 6f1325e6c45e06d3f769b18a9ce98274
http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_sparc.deb
Size/MD5 checksum: 35806 91ada09e5b9386b803184417ecbd953c
http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_sparc.deb
Size/MD5 checksum: 179444 deb6b8580ef04cabecfec3972f4519dd These files will probably be moved into the stable distribution on
its next revision. For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show
Notified: April 16, 2003 Updated: April 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 16, 2003 Updated: May 19, 2003
Not Affected
Fujitsu's UXP/V o.s. is not affected by the problem in VU#139129 and [VU#]916785 because it does not support the Snort.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 22, 2003 Updated: May 19, 2003
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 GENTOO LINUX SECURITY ANNOUNCEMENT 200304-06 PACKAGE : snort
SUMMARY : Multiple Vulnerabilities in Snort Preprocessors
DATE : 2003-04-28 07:07 UTC
EXPLOIT : remote
VERSIONS AFFECTED :
Notified: April 16, 2003 Updated: May 19, 2003
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 | Guardian Digital Security Advisory April 30, 2003 |
| http://www.guardiandigital.com ESA-20030430-013 | | Package: snort |
| Summary: stream4 preprocessor integer overflow vulnerability | EnGarde Secure Linux is an enterprise class Linux platform engineered
to enable corporations to quickly and cost-effectively build a complete
and secure Internet presence while preventing Internet threats. OVERVIEW There is an integer overflow vulnerability in the stream4 preprocessor
of the Snort IDS system. Guardian Digital products affected by this issue include: EnGarde Secure Community v1.0.1
EnGarde Secure Community 2
EnGarde Secure Professional v1.1
EnGarde Secure Professional v1.2
EnGarde Secure Professional v1.5 The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0209 to this issue. It is recommended that all users apply this update as soon as possible. SOLUTION Guardian Digital Secure Network subscribers may automatically update
affected systems by accessing their account from within the Guardian
Digital WebTool. To modify your GDSN account and contact preferences, please go to: https://www.guardiandigital.com/account/ Below are MD5 sums for the updated EnGarde Secure Linux 1.0.1 packages: SRPMS/snort-2.0.0-1.0.10.src.rpm
MD5 Sum: e4dea6592038fa6e487607c1d1adbba4 i386/snort-2.0.0-1.0.10.i386.rpm
MD5 Sum: e530e2b93853e1082dec8de4f494e95a i686/snort-2.0.0-1.0.10.i686.rpm
MD5 Sum: 3d0770923eedd9d28484984e13a23260 REFERENCES Guardian Digital's public key: http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY Snort's Official Web Site: http://www.snort.org/ Guardian Digital Advisories: http://infocenter.guardiandigital.com/advisories/ Security Contact: security@guardiandigital.com Author: Ryan W. Maple
Notified: April 16, 2003 Updated: April 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 16, 2003 Updated: April 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 16, 2003 Updated: April 17, 2003
Not Affected
Ingrian Networks products are not susceptible to VU#139129 and VU#916785 since they do not use Snort. Ingrian customers who are using the IDS Extender Service Engine to mirror cleartext data to a Snort-based IDS should upgrade their IDS software.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 16, 2003 Updated: May 19, 2003
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 Mandrake Linux Security Update Advisory Package name: snort
Advisory ID: MDKSA-2003:052
Date: April 28th, 2003 Affected versions: 8.2, 9.0, 9.1, Corporate Server 2.1,
Multi Network Firewall 8.2 Problem Description: An integer overflow was discovered in the Snort stream4 preprocessor
by the Sourcefire Vulnerability Research Team. This preprocessor
(spp_stream4) incorrectly calculates segment size parameters during
stream reassembly for certainm sequence number ranges. This can
lead to an integer overflow that can in turn lead to a heap overflow
that can be exploited to perform a denial of service (DoS) or even
remote command excution on the host running Snort. Disabling the stream4 preprocessor will make Snort invulnerable to
this attack, and the flaw has been fixed upstream in Snort version
2.0. Snort versions 1.8 through 1.9.1 are vulnerable. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0209
http://www.snort.org/advisories/snort-2003-04-16-1.txt Updated Packages: Corporate Server 2.1: 97c817bc7ddb5e1a89f4479668cf59f0 corporate/2.1/RPMS/snort-2.0.0-2.1mdk.i586.rpm
ca9dec4bc5ba46f80a0724f6e0f5a138 corporate/2.1/RPMS/snort-bloat-2.0.0-2.1mdk.i586.rpm
0262bcb71eea556cbee8c421e4ad1511 corporate/2.1/RPMS/snort-mysql+flexresp-2.0.0-2.1mdk.i586.rpm
8dd41f46553707dc3adc6a82855df2ba corporate/2.1/RPMS/snort-mysql-2.0.0-2.1mdk.i586.rpm
46ad883dad9f77ce6d978171eb03de67 corporate/2.1/RPMS/snort-plain+flexresp-2.0.0-2.1mdk.i586.rpm
3dd354f0c849c9765451b51fa93a0b4e corporate/2.1/RPMS/snort-postgresql+flexresp-2.0.0-2.1mdk.i586.rpm
8735c537e40937a7b3ae3f3c38d55162 corporate/2.1/RPMS/snort-postgresql-2.0.0-2.1mdk.i586.rpm
73a866acec5d6e1abdde902d0d893968 corporate/2.1/RPMS/snort-snmp+flexresp-2.0.0-2.1mdk.i586.rpm
cc0a606a5409213934b0c06fe2d44433 corporate/2.1/RPMS/snort-snmp-2.0.0-2.1mdk.i586.rpm
2efb9950c70248f94b561f76bef88181 corporate/2.1/SRPMS/snort-2.0.0-2.1mdk.src.rpm Mandrake Linux 8.2: a4514c067f2409606fe7706a35d8f3f7 8.2/RPMS/snort-2.0.0-2.1mdk.i586.rpm
5c2f61da6ce991e630a23dffbeee2814 8.2/RPMS/snort-bloat-2.0.0-2.1mdk.i586.rpm
242237fafcc77f29b9b6cdc71db27cdc 8.2/RPMS/snort-mysql+flexresp-2.0.0-2.1mdk.i586.rpm
75a9dc76a726e93e1876c35d7eafa543 8.2/RPMS/snort-mysql-2.0.0-2.1mdk.i586.rpm
9230a8bf2966eda057b4903edb2e6e8c 8.2/RPMS/snort-plain+flexresp-2.0.0-2.1mdk.i586.rpm
08efb60f8fa7f117903f3267e92c1937 8.2/RPMS/snort-postgresql+flexresp-2.0.0-2.1mdk.i586.rpm
a993826c9b4a74cfde1a36f3b209c3a9 8.2/RPMS/snort-postgresql-2.0.0-2.1mdk.i586.rpm
9700de212e797fb49d59859bd0faeef8 8.2/RPMS/snort-snmp+flexresp-2.0.0-2.1mdk.i586.rpm
781cafab6d9ca1e7de0d53a9f0a6ad20 8.2/RPMS/snort-snmp-2.0.0-2.1mdk.i586.rpm
2efb9950c70248f94b561f76bef88181 8.2/SRPMS/snort-2.0.0-2.1mdk.src.rpm Mandrake Linux 8.2/PPC: 2961264210fb026e70c76bc20db4a109 ppc/8.2/RPMS/snort-2.0.0-2.1mdk.ppc.rpm
4efd69038a64483af014ed3da0bda40e ppc/8.2/RPMS/snort-bloat-2.0.0-2.1mdk.ppc.rpm
1618da9f7f393f384f2fa3620d5756ab ppc/8.2/RPMS/snort-mysql+flexresp-2.0.0-2.1mdk.ppc.rpm
26772c8ca76f47d33d75a2bae9c4b030 ppc/8.2/RPMS/snort-mysql-2.0.0-2.1mdk.ppc.rpm
1954dd955a26e4fafe053e1ed418fe7f ppc/8.2/RPMS/snort-plain+flexresp-2.0.0-2.1mdk.ppc.rpm
84f600f2013d88faecc4a19613a16cf2 ppc/8.2/RPMS/snort-postgresql+flexresp-2.0.0-2.1mdk.ppc.rpm
a32214c7f3ab03681956054f61d4071f ppc/8.2/RPMS/snort-postgresql-2.0.0-2.1mdk.ppc.rpm
76b030fb690c654ff008ee0d2bfdee95 ppc/8.2/RPMS/snort-snmp+flexresp-2.0.0-2.1mdk.ppc.rpm
d365692eb1fd386fb9f1fb4b87973f2a ppc/8.2/RPMS/snort-snmp-2.0.0-2.1mdk.ppc.rpm
2efb9950c70248f94b561f76bef88181 ppc/8.2/SRPMS/snort-2.0.0-2.1mdk.src.rpm Mandrake Linux 9.0: 97c817bc7ddb5e1a89f4479668cf59f0 9.0/RPMS/snort-2.0.0-2.1mdk.i586.rpm
ca9dec4bc5ba46f80a0724f6e0f5a138 9.0/RPMS/snort-bloat-2.0.0-2.1mdk.i586.rpm
0262bcb71eea556cbee8c421e4ad1511 9.0/RPMS/snort-mysql+flexresp-2.0.0-2.1mdk.i586.rpm
8dd41f46553707dc3adc6a82855df2ba 9.0/RPMS/snort-mysql-2.0.0-2.1mdk.i586.rpm
46ad883dad9f77ce6d978171eb03de67 9.0/RPMS/snort-plain+flexresp-2.0.0-2.1mdk.i586.rpm
3dd354f0c849c9765451b51fa93a0b4e 9.0/RPMS/snort-postgresql+flexresp-2.0.0-2.1mdk.i586.rpm
8735c537e40937a7b3ae3f3c38d55162 9.0/RPMS/snort-postgresql-2.0.0-2.1mdk.i586.rpm
73a866acec5d6e1abdde902d0d893968 9.0/RPMS/snort-snmp+flexresp-2.0.0-2.1mdk.i586.rpm
cc0a606a5409213934b0c06fe2d44433 9.0/RPMS/snort-snmp-2.0.0-2.1mdk.i586.rpm
2efb9950c70248f94b561f76bef88181 9.0/SRPMS/snort-2.0.0-2.1mdk.src.rpm Mandrake Linux 9.1: 3436f5a3ec275a9e8d38b32a3e885b20 9.1/RPMS/snort-2.0.0-2.1mdk.i586.rpm
c63d4e80b2b69dc8469a401d62e65de2 9.1/RPMS/snort-bloat-2.0.0-2.1mdk.i586.rpm
0e12b7b79706198f6351c1d55d6c29a6 9.1/RPMS/snort-mysql+flexresp-2.0.0-2.1mdk.i586.rpm
501bbbcfb86e0dbc5a1450f97d5df972 9.1/RPMS/snort-mysql-2.0.0-2.1mdk.i586.rpm
b4151478633c30590a605e8fe110852e 9.1/RPMS/snort-plain+flexresp-2.0.0-2.1mdk.i586.rpm
7f58e498e92d7b32bfa6c4b7a85c36c1 9.1/RPMS/snort-postgresql+flexresp-2.0.0-2.1mdk.i586.rpm
b576a20571664d450504b3a51aae0417 9.1/RPMS/snort-postgresql-2.0.0-2.1mdk.i586.rpm
76cb1fc010b384ef5ba0c236d85ce6e5 9.1/RPMS/snort-snmp+flexresp-2.0.0-2.1mdk.i586.rpm
fca545c28a94eaabc6f10d7528d0e82c 9.1/RPMS/snort-snmp-2.0.0-2.1mdk.i586.rpm
2efb9950c70248f94b561f76bef88181 9.1/SRPMS/snort-2.0.0-2.1mdk.src.rpm Mandrake Linux 9.1/PPC: 6fedffede24c0334a8eeb858a826482f ppc/9.1/RPMS/snort-2.0.0-2.1mdk.ppc.rpm
753051524999ae9f082e124bfc949ec2 ppc/9.1/RPMS/snort-bloat-2.0.0-2.1mdk.ppc.rpm
905246e8240c13006760bbd56c0fbe9b ppc/9.1/RPMS/snort-mysql+flexresp-2.0.0-2.1mdk.ppc.rpm
b8adb28a28341780014339e9cd1f4b8a ppc/9.1/RPMS/snort-mysql-2.0.0-2.1mdk.ppc.rpm
d1537b80ce0d15e290d129edf9b6f02e ppc/9.1/RPMS/snort-plain+flexresp-2.0.0-2.1mdk.ppc.rpm
16b0bbbc4729f8fdaf7d0554b45cd0e5 ppc/9.1/RPMS/snort-postgresql+flexresp-2.0.0-2.1mdk.ppc.rpm
972676cf613c1d1313a6bf68d7f9f0d6 ppc/9.1/RPMS/snort-postgresql-2.0.0-2.1mdk.ppc.rpm
7c79443a574b81db3345bac3c11c2f16 ppc/9.1/RPMS/snort-snmp+flexresp-2.0.0-2.1mdk.ppc.rpm
4df4eef406078666a682a01935975678 ppc/9.1/RPMS/snort-snmp-2.0.0-2.1mdk.ppc.rpm
2efb9950c70248f94b561f76bef88181 ppc/9.1/SRPMS/snort-2.0.0-2.1mdk.src.rpm Multi Network Firewall 8.2: a4514c067f2409606fe7706a35d8f3f7 mnf8.2/RPMS/snort-2.0.0-2.1mdk.i586.rpm
2efb9950c70248f94b561f76bef88181 mnf8.2/SRPMS/snort-2.0.0-2.1mdk.src.rpm Bug IDs fixed (see https://qa.mandrakesoft.com for more information): To upgrade automatically, use MandrakeUpdate. The verification of md5
checksums and GPG signatures is performed automatically for you. If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". A list of
FTP mirrors can be obtained from: http://www.mandrakesecure.net/en/ftp.php Please verify the update prior to upgrading to ensure the integrity of
the downloaded package. You can do this with the command: rpm --checksig
Notified: April 16, 2003 Updated: April 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 16, 2003 Updated: April 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 16, 2003 Updated: April 17, 2003
Not Affected
NetBSD does not include snort in the base system. Snort is available from the 3rd party software system, pkgsrc. Users who have installed net/snort, net/snort-mysql or net/snort-pgsql should update to a fixed version. pkgsrc/security/audit-packages can be used to keep up to date with these types of issues.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 16, 2003 Updated: April 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 16, 2003 Updated: April 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 16, 2003 Updated: April 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 16, 2003 Updated: April 17, 2003
Not Affected
Red Hat does not ship Snort in any of our supported products.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 16, 2003 Updated: April 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 16, 2003 Updated: April 17, 2003
Not Affected
SGI does not ship snort as part of IRIX.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 17, 2003 Updated: April 21, 2003
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The SmoothWall firewall is affected by this vulnerability; for more information, please see http://www.smoothwall.org/beta/bugs/mallard-006.html
Notified: April 16, 2003 Updated: April 17, 2003
Affected
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Snort(TM) Advisory: Integer Overflow in Stream4 Date: April 16, 2003 Affected Versions: All versions of the following products are affected: * Snort 1.8 through 1.9.1 * Snort CVS - current branch up to version 2.0.0 beta Synopsis: The Sourcefire Vulnerability Research Team has learned of an integer overflow in the Snort stream4 preprocessor used by the Sourcefire Network Sensor product line. The Snort stream4 preprocessor (spp_stream4) incorrectly calculates segment size parameters during stream reassembly for certain sequence number ranges which can lead to an integer overflow that can be expanded to a heap overflow. The Snort stream4 flaw may lead to a denial of service (DoS) attack or remote command execution on a host running Snort. This attack can be launched by crafting TCP stream packets and transmitting them over a network segment that is being monitored by a vulnerable Snort implementation. In its default configuration, certain versions of snort are vulnerable to this attack, as is the default configuration of the Snort IDS. Disabling the stream4 preprocessor will make the snort invulnerable to the attack. To disable the stream4 preprocessor, edit snort.conf and replace any lines that begin with "preprocessor stream4" with "# preprocessor stream4" NOTE: Disabling the stream4 preprocessor disables stateful inspection and stream reassembly and could allow someone to evade snort using tcp stream segmentation attacks. Patches: Snort 2.0 has been released and corrects this vulnerability. (C) 2003 Sourcefire, Inc. All rights reserved. Sourcefire and Snort are trademarks or registered trademarks of Sourcefire, INC. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+nadjavJ5BgQ0p28RAi8FAKCviv78UU8V2k+smfZU875Lcrhb9gCfQIXK CuzzM4EKTvbvkvo+wL47YYM= =u1yD -----END PGP SIGNATURE-----
The vendor has not provided us with any further information regarding this vulnerability.
Snort has released version 2.0 to address this vulnerability. This version is available at http://www.snort.org/dl/snort-2.0.0.tar.gz
Notified: April 16, 2003 Updated: April 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 16, 2003 Updated: April 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 16, 2003 Updated: April 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 16, 2003 Updated: April 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 16, 2003 Updated: April 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 16, 2003 Updated: April 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 16, 2003 Updated: April 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 16, 2003 Updated: April 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.