[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] [ MDVSA-2009:259 ] snort



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:259
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : snort
 Date    : October 7, 2009
 Affected: 2008.1
 _______________________________________________________________________

 Problem Description:

 preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not
 properly identify packet fragments that have dissimilar TTL values,
 which allows remote attackers to bypass detection rules by using a
 different TTL for each fragment. (CVE-2008-1804)
 
 The updated packages have been patched to prevent this.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1804
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 dc3906dc1d48752b0028db52dda4e9b4  
2008.1/i586/snort-2.8.0.1-0.3mdv2008.1.i586.rpm
 6c34aaba7a0021ccc797674b1b80bd46  
2008.1/i586/snort-bloat-2.8.0.1-0.3mdv2008.1.i586.rpm
 c95670f1057d26073663beb067704575  
2008.1/i586/snort-inline-2.8.0.1-0.3mdv2008.1.i586.rpm
 f38aca6368004b309de50a9e89ae4711  
2008.1/i586/snort-inline+flexresp-2.8.0.1-0.3mdv2008.1.i586.rpm
 ae5e49f3664e21fd7576f27d51f0ab16  
2008.1/i586/snort-mysql-2.8.0.1-0.3mdv2008.1.i586.rpm
 72378abc8bded4a46f4a4742a76bf071  
2008.1/i586/snort-mysql+flexresp-2.8.0.1-0.3mdv2008.1.i586.rpm
 9b91fb239c850094fe3d068d5e8ac4b2  
2008.1/i586/snort-plain+flexresp-2.8.0.1-0.3mdv2008.1.i586.rpm
 da019e8b5e97df18c4730a539c0f9138  
2008.1/i586/snort-postgresql-2.8.0.1-0.3mdv2008.1.i586.rpm
 795e63ccf0f37e51c650eec1c22f59bc  
2008.1/i586/snort-postgresql+flexresp-2.8.0.1-0.3mdv2008.1.i586.rpm
 dc86b9a563093dc6e723ea7b76ea38ce  
2008.1/i586/snort-prelude-2.8.0.1-0.3mdv2008.1.i586.rpm
 2a397c8290156cf78fda4bbab18677e4  
2008.1/i586/snort-prelude+flexresp-2.8.0.1-0.3mdv2008.1.i586.rpm 
 745baaa0d4e9b8c8a874f05e1742a77e  
2008.1/SRPMS/snort-2.8.0.1-0.3mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 4540092c49a3dabb3401e95de9dde397  
2008.1/x86_64/snort-2.8.0.1-0.3mdv2008.1.x86_64.rpm
 f62c42af2d2c39deeec921e3e04318c2  
2008.1/x86_64/snort-bloat-2.8.0.1-0.3mdv2008.1.x86_64.rpm
 8a2e5997b5ddc0917f8e661bbf228ab0  
2008.1/x86_64/snort-inline-2.8.0.1-0.3mdv2008.1.x86_64.rpm
 5a8e5de46c6adb8f5840ee0220a3825d  
2008.1/x86_64/snort-inline+flexresp-2.8.0.1-0.3mdv2008.1.x86_64.rpm
 53e029637c4d7b54cc1dda1ca0a84f71  
2008.1/x86_64/snort-mysql-2.8.0.1-0.3mdv2008.1.x86_64.rpm
 552026c7b229ec62e5c41f2034b4d18f  
2008.1/x86_64/snort-mysql+flexresp-2.8.0.1-0.3mdv2008.1.x86_64.rpm
 8036750a3fc64817acf1c82ce9f588cf  
2008.1/x86_64/snort-plain+flexresp-2.8.0.1-0.3mdv2008.1.x86_64.rpm
 c4c349130ffd21720bb0b59a0653cc2a  
2008.1/x86_64/snort-postgresql-2.8.0.1-0.3mdv2008.1.x86_64.rpm
 3c2c7bafdc630238ce2d3a27b7dc54ab  
2008.1/x86_64/snort-postgresql+flexresp-2.8.0.1-0.3mdv2008.1.x86_64.rpm
 8d6c4fdc34d23992846bc23dde64da9c  
2008.1/x86_64/snort-prelude-2.8.0.1-0.3mdv2008.1.x86_64.rpm
 69e6dcc8c225e4ef231a03b24c1609bb  
2008.1/x86_64/snort-prelude+flexresp-2.8.0.1-0.3mdv2008.1.x86_64.rpm 
 745baaa0d4e9b8c8a874f05e1742a77e  
2008.1/SRPMS/snort-2.8.0.1-0.3mdv2008.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKzRBPmqjQ0CJFipgRAtgTAJ40Hw8QpOu7G2hJshupeYo1nISexgCfSGDj
lOR8kwq98+UqPA7h/HJr22I=
=7No9
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/