Login
Newsletter
Werbung

Sicherheit: Fehler in den Erkennungsregeln in snort
Aktuelle Meldungen Distributionen
Name: Fehler in den Erkennungsregeln in snort
ID: MDVSA-2009:259-1
Distribution: Mandriva
Plattformen: Mandriva 2008.0
Datum: Fr, 11. Dezember 2009, 20:24
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1804
Applikationen: Snort

Originalnachricht

This is a multi-part message in MIME format...

------------=_1260559468-24326-1967


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:259-1
http://www.mandriva.com/security/
_______________________________________________________________________

Package : snort
Date : December 11, 2009
Affected: 2008.0
_______________________________________________________________________

Problem Description:

preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not
properly identify packet fragments that have dissimilar TTL values,
which allows remote attackers to bypass detection rules by using a
different TTL for each fragment. (CVE-2008-1804)

The updated packages have been patched to prevent this.

Additionally there were problems with two rules in the snort-rules
package for 2008.0 that is also fixed with this update.

Update:

Packages for 2008.0 are being provided due to extended support for
Corporate products.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1804
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
c6835024a29a5c1156ec1bcabe7a930e
2008.0/i586/snort-2.7.0.1-2.1mdv2008.0.i586.rpm
098ce3906b38dbc27781a50b78ecbbad
2008.0/i586/snort-bloat-2.7.0.1-2.1mdv2008.0.i586.rpm
d7657089df1764a9e39ddd2b51184a49
2008.0/i586/snort-inline-2.7.0.1-2.1mdv2008.0.i586.rpm
f4f32580e4d373f60851e86b8f7c9bc0
2008.0/i586/snort-inline+flexresp-2.7.0.1-2.1mdv2008.0.i586.rpm
a62fad5150fcbf898093874f98a8fd1f
2008.0/i586/snort-mysql-2.7.0.1-2.1mdv2008.0.i586.rpm
debc1944271f72611659243643df0b37
2008.0/i586/snort-mysql+flexresp-2.7.0.1-2.1mdv2008.0.i586.rpm
a409dad0f0fff1d22464aec4099ac9c0
2008.0/i586/snort-plain+flexresp-2.7.0.1-2.1mdv2008.0.i586.rpm
0e23ae93be9946cbcfd4df66beac3233
2008.0/i586/snort-postgresql-2.7.0.1-2.1mdv2008.0.i586.rpm
c52e0e33c8fc3c01037e2f552897eda0
2008.0/i586/snort-postgresql+flexresp-2.7.0.1-2.1mdv2008.0.i586.rpm
d3122af0d714bfb08757af1dc62cfb23
2008.0/i586/snort-prelude-2.7.0.1-2.1mdv2008.0.i586.rpm
0b887e9d0dee5fa77feae8143d134ba9
2008.0/i586/snort-prelude+flexresp-2.7.0.1-2.1mdv2008.0.i586.rpm
a9e6bf9e1993eacd1063832575ffe977
2008.0/i586/snort-rules-2.3.3-4.1mdv2008.0.noarch.rpm
00f5191e8a96520bddec9103643e0749
2008.0/SRPMS/snort-2.7.0.1-2.1mdv2008.0.src.rpm
0be9e2861d2c13d582f40e6f1bd8e658
2008.0/SRPMS/snort-rules-2.3.3-4.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
d2f029f4ec84f06776fb384e56e4d721
2008.0/x86_64/snort-2.7.0.1-2.1mdv2008.0.x86_64.rpm
6c8ec7d6879e031ced36dc513bb7fe74
2008.0/x86_64/snort-bloat-2.7.0.1-2.1mdv2008.0.x86_64.rpm
fe4d3026e064ff96a18d3efe30d66751
2008.0/x86_64/snort-inline-2.7.0.1-2.1mdv2008.0.x86_64.rpm
cc1a7cae0cab080fa9988f4c98e79815
2008.0/x86_64/snort-inline+flexresp-2.7.0.1-2.1mdv2008.0.x86_64.rpm
d82f9aeb3e9830dbe800ba56174d4db8
2008.0/x86_64/snort-mysql-2.7.0.1-2.1mdv2008.0.x86_64.rpm
a3dbf00d5ef116b42bd976ee9ade5fa3
2008.0/x86_64/snort-mysql+flexresp-2.7.0.1-2.1mdv2008.0.x86_64.rpm
0418bd642265eceadb17fe715420df23
2008.0/x86_64/snort-plain+flexresp-2.7.0.1-2.1mdv2008.0.x86_64.rpm
c230b6a1c20e51b2677ff1ae03cb5a15
2008.0/x86_64/snort-postgresql-2.7.0.1-2.1mdv2008.0.x86_64.rpm
d77df31ddcf18a7a7593e5066b718b5b
2008.0/x86_64/snort-postgresql+flexresp-2.7.0.1-2.1mdv2008.0.x86_64.rpm
7acf1860096c4e33a4f98b761238eb8c
2008.0/x86_64/snort-prelude-2.7.0.1-2.1mdv2008.0.x86_64.rpm
1650df9efae93915a664dc8fd241e541
2008.0/x86_64/snort-prelude+flexresp-2.7.0.1-2.1mdv2008.0.x86_64.rpm
bf0455c5009baba5e69fd36be577395f
2008.0/x86_64/snort-rules-2.3.3-4.1mdv2008.0.noarch.rpm
00f5191e8a96520bddec9103643e0749
2008.0/SRPMS/snort-2.7.0.1-2.1mdv2008.0.src.rpm
0be9e2861d2c13d582f40e6f1bd8e658
2008.0/SRPMS/snort-rules-2.3.3-4.1mdv2008.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLInBCmqjQ0CJFipgRAmbZAJ4qNSA8+ArtaunQm/WVInVF69aXZQCgynQX
llu8khCpY699YQhOA1z6Nog=
=pqEG
-----END PGP SIGNATURE-----


------------=_1260559468-24326-1967
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1260559468-24326-1967--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung