Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: November 09, 2005
Not Affected
Mac OS X and Mac OS X Server do not contain software affected by the issue described in this vulnerability note.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Not Affected
Avaya Systems products do not ship with snort BackOrafice installed, and are therefore not vulnerable to this issue.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 11, 2005 Updated: November 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Check Point is acquiring Sourcefire.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 11, 2005 Updated: November 11, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 11, 2005 Updated: November 10, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: November 11, 2005
Not Affected
The vulnerable code in snort is not present in the versions shipped with Debian stable (3.1, alias sarge) and Debian oldstable (3.0, alias woody).
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 11, 2005 Updated: November 10, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 19, 2005
Not Affected
F5 products do not include Snort components and are not vulnerable to this issue.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Affected
snort is available in the FreeBSD Ports Collection. Please see http://vuxml.freebsd.org/97d45e95-3ffc-11da-a263-0001020eed82.html for details regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Not Affected
This vulnerability VU#175500 does not affect any GTA Firewall products.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 20, 2005
Not Affected
Hitachi does not have any SNORT products.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 14, 2005 Updated: October 18, 2005
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: November 11, 2005
Not Affected
Intoto's iGateway network security platform does not use Snort, so it is not vulnerable to the potential buffer overflow exploit described in this vulnerability note.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 20, 2005
Not Affected
Juniper Networks products are not susceptible to this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 11, 2005 Updated: November 10, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Not Affected
NextHop Technologies does not make use of the Snort Back Orifice preprocessor in any of our products; as a result no NextHop products are susceptible to this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 19, 2005
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Please see Nortel Security Advisory Bulletin 2005006335, available from http://nortel.com/securityadvisories.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Not Affected
Openwall GNU/*/Linux is not vulnerable. We do not package Snort.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Not Affected
The snort application is not shipped as part of any Red Hat Enterprise Linux distribution.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Not Affected
Snort is not part of any Secure Computing products, so this should have no effect on us.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 14, 2005 Updated: October 18, 2005
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Please see http://www.snort.org/pub-bin/snortnews.cgi#99 In addition, the following is from the Snort version 2.4.3 Release notes: 2005-10-17 - Snort 2.4.3 Released [*] Improvements * Fixed possible buffer overflow in back orifice preprocessor. * Added snort.conf options to bo preprocessor for finer control of alerting and dropping of bo traffic. * Added alert to detect the bo buffer overflow attack against snort.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 14, 2005 Updated: October 26, 2005
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Sourcefire Intrusion Sensors v4.0.2 and higher are affected by this vulnerability. We do not know what versions or patches address this vulnerability. Please contact Sourcefire customer support.
Notified: October 18, 2005 Updated: October 20, 2005
Not Affected
Stonesoft's StoneGate IPS, Intrusion Detection and Analysis for Active Response, uses its own intrusion detection engine and does not rely on Snort code. Therefore the vulnerability in Snort's Back Orifice preprocessor does not affect Stonesoft products in any way.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Not Affected
Sun distributes snort-2.0.0 with Solaris Companion CD or Solaris Operating System Freeware site: http://www.sun.com/software/solaris/freeware/. snort-2.0.0 is not affected by this vulnerability. Also Sun's Java Desktop System (JDS) for Linux does not contain snort and is not vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 19, 2005
Affected
We are currently fixing this issue and will release updates very soon. As soon as the new packages are available our customers can install the fixed version of snort by using YOU Online-Update.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 11, 2005 Updated: November 10, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 19, 2005
Affected
Snort is not officially supported in Ubuntu, the package resides in the "universe" section of the archive. The next Ubuntu release will contain a fixed version. We will gladly accept community efforts to fix it for the currently released Ubuntu versions, though.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Not Affected
WatchGuard is not effected by this issue.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 18, 2005 Updated: October 18, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.