[STBR/security] snort

Michał J. Podyma misiek at r-h.pl
Wed, 16 Apr 2003, 11:26:17 CEST


Hello!

Could someone send snort to the builders from the RA branch,
and then package it into security updates??


BUGz:
From: CORE Security Technologies Advisories <advisories at coresecurity.com>
To: Bugtraq <bugtraq at securityfocus.com>
Subject: CORE-2003-0307: Snort TCP Stream Reassembly Integer Overflow Vulnerability
Date: Tue, 15 Apr 2003 16:01:41 -0300
Organization: CORE Security Technologies

... snip ...

*Vulnerability Description*

  Snort is a very popular open source network intrusion detection
  system.  It can detect hundreds of different attacks by analyzing
  packets received on the network and applying a database of pattern
  matching rules.  Snort also comes with modules and plugins that
  perform a variety of functions such as protocol analysis, output,
  and logging.  For more information about Snort visit
  http://www.snort.org

  The stream4 preprocessor module is a Snort plugin that reassembles
  TCP traffic before passing it on to be analyzed.  It also detects
  several types of IDS evasion attacks.

  We have discovered an exploitable heap overflow in this module
  resulting from sequence number calculations that overflow a
  32 bit integer variable.

  To exploit this vulnerability an attacker does not need to know on
  which host the Snort sensor is running.  It is only necessary to
  guess where to send traffic that the Snort sensor will 'see' and
  analyze.

  Successful exploitation of this vulnerability could lead to
  execution of arbitrary commands on a system running the Snort sensor
  with the privileges of the user running the snort process (usually
  root), a denial of service attack against the snort sensor and
  possibly the implementation of IDS evasion techniques that would
  prevent the sensor from detecting attacks on the monitored network.


*Vulnerable packages:*

  . Snort 2.0 versions prior to RC1
  . Snort 1.9.x
  . Snort 1.8.x
  . IDSes and other security appliances using snort technology embedded.

... snip ...

-- 
Michał J. Podyma <michalp at r-h.pl> <michalp at cna.us.edu.pl>
SySadmin @ R - H . PL    [ http://f.com.pl ]
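
The bug class named in the quoted advisory (32-bit sequence number arithmetic that wraps during TCP reassembly), shown as an added example that is not part of the original post, the advisory, or Snort's code. The structure, function names and window size are hypothetical; the flawed bounds check sits beside a wrap-safe one.

```c
/* Illustration only: not Snort's stream4 code. All names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WIN_LEN 4096u               /* constructed reassembly window size */

struct reasm {
    uint32_t base_seq;              /* sequence number stored at buf[0] */
    uint8_t  buf[WIN_LEN];
};

/* Flawed: both sums are taken modulo 2^32, so a huge len wraps seg_end
 * to a small value that passes the comparison. */
int naive_fits(const struct reasm *r, uint32_t seq, uint32_t len)
{
    uint32_t seg_end = seq + len;
    uint32_t win_end = r->base_seq + WIN_LEN;
    return seq >= r->base_seq && seg_end <= win_end;
}

/* Hardened: take the modular distance from the window base first, then
 * compare len with the space left. No addition remains that can wrap. */
int safe_fits(const struct reasm *r, uint32_t seq, uint32_t len)
{
    uint32_t off = seq - r->base_seq;
    return off <= WIN_LEN && len <= WIN_LEN - off;
}

/* Copy a segment only if safe_fits accepts it; returns the buffer
 * offset written to, or -1 when the segment is rejected. */
long store_segment(struct reasm *r, uint32_t seq,
                   const uint8_t *data, uint32_t len)
{
    if (!safe_fits(r, seq, len))
        return -1;
    memcpy(r->buf + (seq - r->base_seq), data, len);
    return (long)(seq - r->base_seq);
}

int main(void)
{
    static struct reasm r = { .base_seq = 0x1000u };
    /* Constructed segment: starts inside the window, claims ~4 GiB. */
    printf("naive=%d safe=%d\n",
           naive_fits(&r, 0x1800u, 0xFFFFF000u),
           safe_fits(&r, 0x1800u, 0xFFFFF000u));
    return 0;
}
```

The hardened check also accepts a legitimate segment whose sequence number has wrapped past 2^32 relative to the window base, which the naive comparison wrongly rejects.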


