Home page logo
/

bugtraq logo Bugtraq mailing list archives

[SECURITY] [DSA 297-1] New snort packages fix remote root exploits
From: joey () infodrom org (Martin Schulze)
Date: Thu, 1 May 2003 15:12:58 +0200 (CEST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 297-1                     security () debian org
http://www.debian.org/security/                             Martin Schulze
May 1st, 2003                           http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : snort
Vulnerability  : integer overflow, buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE Ids        : CAN-2003-0033 CAN-2003-0209
CERT advisories: VU#139129 VU#916785
Bugtraq Ids    : 7178 6963

Two vulnerabilities have been discoverd in Snort, a popular network
intrusion detection system.  Snort comes with modules and plugins that
perform a variety of functions such as protocol analysis.  The
following issues have been identified:

Heap overflow in Snort "stream4" preprocessor
   (VU#139129, CAN-2003-0209, Bugtraq Id 7178)

   Researchers at CORE Security Technologies have discovered a
   remotely exploitable inteter overflow that results in overwriting
   the heap in the "stream4" preprocessor module.  This module allows
   Snort to reassemble TCP packet fragments for further analysis.  An
   attacker could insert arbitrary code that would be executed as
   the user running Snort, probably root.

Buffer overflow in Snort RPC preprocessor
   (VU#916785, CAN-2003-0033, Bugtraq Id 6963)

   Researchers at Internet Security Systems X-Force have discovered a
   remotely exploitable buffer overflow in the Snort RPC preprocessor
   module.  Snort incorrectly checks the lengths of what is being
   normalized against the current packet size.  An attacker could
   exploit this to execute arbitrary code under the privileges of the
   Snort process, probably root.

For the stable distribution (woody) these problems have been fixed in
version 1.8.4beta1-3.1.

The old stable distribution (potato) is not affected by these problems
since it doesn't contain the problematic code.

For the unstable distribution (sid) these problems have been fixed in
version 2.0.0-1.

We recommend that you upgrade your snort package immediately.

You are also advised to upgrade to the most recent version of Snort,
since Snort, as any intrusion detection system, is rather useless if
it is based on old and out-dated data and not kept up to date.  Such
installations would be unable to detect intrusions using modern
methods.  The current version of Snort is 2.0.0, while the version in
the stable distribution (1.8) is quite old and the one in the old
stable distribution is beyond hope.

Since Debian does not update arbitrary packages in stable releases,
even Snort is not going to see updates other than to fix security
problems, you are advised to upgrade to the most recent version from
third party sources.

The Debian maintainer for Snort provides backported up-to-date
packages for woody (stable) and potato (oldstable) for cases where you
cannot upgrade your entire system.  These packages are untested,
though and only exist for the i386 architecture:

deb     http://people.debian.org/~ssmeenk/snort-stable-i386/ ./
deb-src http://people.debian.org/~ssmeenk/snort-stable-i386/ ./

deb     http://people.debian.org/~ssmeenk/snort-oldstable-i386/ ./
deb-src http://people.debian.org/~ssmeenk/snort-oldstable-i386/ ./


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1.dsc
      Size/MD5 checksum:      681 2186ab4fe2efad905f07fb9522f04597
    http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1.diff.gz
      Size/MD5 checksum:    67265 1f8ea5bc8a842626a30a2fb693398a16
    http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1.orig.tar.gz
      Size/MD5 checksum:  1718574 80201d9c4e33af5e0b56121e4f9f7f7b

  Architecture independent components:

    http://security.debian.org/pool/updates/main/s/snort/snort-doc_1.8.4beta1-3.1_all.deb
      Size/MD5 checksum:   344358 5d15c2a2ffc2e085a4dacfc8226ba336
    http://security.debian.org/pool/updates/main/s/snort/snort-rules-default_1.8.4beta1-3.1_all.deb
      Size/MD5 checksum:    59674 76c3416b6a5e97c4b82e984255ee62a6

  Alpha architecture:

    http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_alpha.deb
      Size/MD5 checksum:   218862 e289d2ac6a97c3c729575af2608d62da
    http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_alpha.deb
      Size/MD5 checksum:    35798 7d1a116fc1c00006914e48019ba68a4b
    http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_alpha.deb
      Size/MD5 checksum:   222492 589db8d591013c098a4d51981464b21e

  ARM architecture:

    http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_arm.deb
      Size/MD5 checksum:   178156 f37eb2c6b75176be30aaae92cfd699ea
    http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_arm.deb
      Size/MD5 checksum:    35820 4977d033364e56ec0d66266918b5ddfb
    http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_arm.deb
      Size/MD5 checksum:   181128 d7d40fc33fd3e51b54e4293ed7617c70

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_i386.deb
      Size/MD5 checksum:   162048 f26f7562fae5f8761834d4cabe3ed17c
    http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_i386.deb
      Size/MD5 checksum:    35802 548afa7fde8557dcd40bf235f38074dc
    http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_i386.deb
      Size/MD5 checksum:   165354 911fd22a147390c8cf5d4694b4e2b18b

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_ia64.deb
      Size/MD5 checksum:   271778 12be6ab4ac58909148a8c9625ebefb99
    http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_ia64.deb
      Size/MD5 checksum:    35798 57f0772e114cc1130c5c2639fc64be71
    http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_ia64.deb
      Size/MD5 checksum:   275284 a8489c8f41fa49d532c0afa67928ee61

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_hppa.deb
      Size/MD5 checksum:   201916 91c8ee56127b14c92736d7d418bc05ca
    http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_hppa.deb
      Size/MD5 checksum:    35816 a5718f767ebc93178eb820dc5a190579
    http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_hppa.deb
      Size/MD5 checksum:   205334 00eb158e0b034dbb6e16e42223f5855b

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_m68k.deb
      Size/MD5 checksum:   150320 3c205732845c14274bd9d8520f8ba806
    http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_m68k.deb
      Size/MD5 checksum:    35850 3b8e1da42a9c796a0ecf74f1e7ca2ac1
    http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_m68k.deb
      Size/MD5 checksum:   153552 f97f6f155c93f042f01a9f2e40aff91d

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_mips.deb
      Size/MD5 checksum:   198172 75e4fef830c00e952f05cf4139bc264f
    http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_mips.deb
      Size/MD5 checksum:    35822 aadad43bcef00f74acc754302e3557fc
    http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_mips.deb
      Size/MD5 checksum:   201404 9fa10daa290890849df6762b66825024

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_mipsel.deb
      Size/MD5 checksum:   199732 040b188aeb253aa4ec4a6903c3f6f792
    http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_mipsel.deb
      Size/MD5 checksum:    35818 467f455bb8b2c59630470417673e9856
    http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_mipsel.deb
      Size/MD5 checksum:   202972 755df8c2d9b7e2bc01fec9a0b2259f4d

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_powerpc.deb
      Size/MD5 checksum:   174508 3b5d1ebec2d40949e49746b4365c0a81
    http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_powerpc.deb
      Size/MD5 checksum:    35804 60575d5c1998634b6bb3d2a9696f95c6
    http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_powerpc.deb
      Size/MD5 checksum:   177562 c8cdeaab4e7c41c01a435933103fe6dd

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_s390.deb
      Size/MD5 checksum:   173002 ff71b2925e1020c278d7d33eed8f8e6d
    http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_s390.deb
      Size/MD5 checksum:    35794 5207eb80204af25cdbd77dca4b6cc09e
    http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_s390.deb
      Size/MD5 checksum:   176296 2cc04f18ee550e4595e1680b43c2bf3e

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_sparc.deb
      Size/MD5 checksum:   176202 6f1325e6c45e06d3f769b18a9ce98274
    http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_sparc.deb
      Size/MD5 checksum:    35806 91ada09e5b9386b803184417ecbd953c
    http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_sparc.deb
      Size/MD5 checksum:   179444 deb6b8580ef04cabecfec3972f4519dd


  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce () lists debian org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+sR1ZW5ql+IAeqTIRApAdAKC1eQYjEpX7v5t4fdBeDh7CK5y6awCfdUpd
YqHF6Rz3zXbDFPWbU5uuPac=
=EfYw
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
  • [SECURITY] [DSA 297-1] New snort packages fix remote root exploits Martin Schulze (May 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault