[Full-Disclosure] MDKSA-2003:052 - Updated snort packages fix remote vulnerability

From: Mandrake Linux Security Team (security_at_linux-mandrake.com)
Date: 04/29/03

  • Next message: _ _: "[Full-Disclosure] whingeing, moaning and bitching" 
    To: full-disclosure@lists.netsys.com
Date: 29 Apr 2003 01:01:20 -0000

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    ________________________________________________________________________

                    Mandrake Linux Security Update Advisory
    ________________________________________________________________________

    Package name: snort
    Advisory ID: MDKSA-2003:052
    Date: April 28th, 2003

    Affected versions: 8.2, 9.0, 9.1, Corporate Server 2.1,
                            Multi Network Firewall 8.2
    ________________________________________________________________________

    Problem Description:

     An integer overflow was discovered in the Snort stream4 preprocessor
     by the Sourcefire Vulnerability Research Team. This preprocessor
     (spp_stream4) incorrectly calculates segment size parameters during
     stream reassembly for certainm sequence number ranges. This can
     lead to an integer overflow that can in turn lead to a heap overflow
     that can be exploited to perform a denial of service (DoS) or even
     remote command excution on the host running Snort.
     
     Disabling the stream4 preprocessor will make Snort invulnerable to
     this attack, and the flaw has been fixed upstream in Snort version
     2.0. Snort versions 1.8 through 1.9.1 are vulnerable.
    ________________________________________________________________________

    References:
      
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0209
      http://www.snort.org/advisories/snort-2003-04-16-1.txt
    ________________________________________________________________________

    Updated Packages:
      
     Corporate Server 2.1:
     97c817bc7ddb5e1a89f4479668cf59f0 corporate/2.1/RPMS/snort-2.0.0-2.1mdk.i586.rpm
     ca9dec4bc5ba46f80a0724f6e0f5a138 corporate/2.1/RPMS/snort-bloat-2.0.0-2.1mdk.i586.rpm
     0262bcb71eea556cbee8c421e4ad1511 corporate/2.1/RPMS/snort-mysql+flexresp-2.0.0-2.1mdk.i586.rpm
     8dd41f46553707dc3adc6a82855df2ba corporate/2.1/RPMS/snort-mysql-2.0.0-2.1mdk.i586.rpm
     46ad883dad9f77ce6d978171eb03de67 corporate/2.1/RPMS/snort-plain+flexresp-2.0.0-2.1mdk.i586.rpm
     3dd354f0c849c9765451b51fa93a0b4e corporate/2.1/RPMS/snort-postgresql+flexresp-2.0.0-2.1mdk.i586.rpm
     8735c537e40937a7b3ae3f3c38d55162 corporate/2.1/RPMS/snort-postgresql-2.0.0-2.1mdk.i586.rpm
     73a866acec5d6e1abdde902d0d893968 corporate/2.1/RPMS/snort-snmp+flexresp-2.0.0-2.1mdk.i586.rpm
     cc0a606a5409213934b0c06fe2d44433 corporate/2.1/RPMS/snort-snmp-2.0.0-2.1mdk.i586.rpm
     2efb9950c70248f94b561f76bef88181 corporate/2.1/SRPMS/snort-2.0.0-2.1mdk.src.rpm

     Mandrake Linux 8.2:
     a4514c067f2409606fe7706a35d8f3f7 8.2/RPMS/snort-2.0.0-2.1mdk.i586.rpm
     5c2f61da6ce991e630a23dffbeee2814 8.2/RPMS/snort-bloat-2.0.0-2.1mdk.i586.rpm
     242237fafcc77f29b9b6cdc71db27cdc 8.2/RPMS/snort-mysql+flexresp-2.0.0-2.1mdk.i586.rpm
     75a9dc76a726e93e1876c35d7eafa543 8.2/RPMS/snort-mysql-2.0.0-2.1mdk.i586.rpm
     9230a8bf2966eda057b4903edb2e6e8c 8.2/RPMS/snort-plain+flexresp-2.0.0-2.1mdk.i586.rpm
     08efb60f8fa7f117903f3267e92c1937 8.2/RPMS/snort-postgresql+flexresp-2.0.0-2.1mdk.i586.rpm
     a993826c9b4a74cfde1a36f3b209c3a9 8.2/RPMS/snort-postgresql-2.0.0-2.1mdk.i586.rpm
     9700de212e797fb49d59859bd0faeef8 8.2/RPMS/snort-snmp+flexresp-2.0.0-2.1mdk.i586.rpm
     781cafab6d9ca1e7de0d53a9f0a6ad20 8.2/RPMS/snort-snmp-2.0.0-2.1mdk.i586.rpm
     2efb9950c70248f94b561f76bef88181 8.2/SRPMS/snort-2.0.0-2.1mdk.src.rpm

     Mandrake Linux 8.2/PPC:
     2961264210fb026e70c76bc20db4a109 ppc/8.2/RPMS/snort-2.0.0-2.1mdk.ppc.rpm
     4efd69038a64483af014ed3da0bda40e ppc/8.2/RPMS/snort-bloat-2.0.0-2.1mdk.ppc.rpm
     1618da9f7f393f384f2fa3620d5756ab ppc/8.2/RPMS/snort-mysql+flexresp-2.0.0-2.1mdk.ppc.rpm
     26772c8ca76f47d33d75a2bae9c4b030 ppc/8.2/RPMS/snort-mysql-2.0.0-2.1mdk.ppc.rpm
     1954dd955a26e4fafe053e1ed418fe7f ppc/8.2/RPMS/snort-plain+flexresp-2.0.0-2.1mdk.ppc.rpm
     84f600f2013d88faecc4a19613a16cf2 ppc/8.2/RPMS/snort-postgresql+flexresp-2.0.0-2.1mdk.ppc.rpm
     a32214c7f3ab03681956054f61d4071f ppc/8.2/RPMS/snort-postgresql-2.0.0-2.1mdk.ppc.rpm
     76b030fb690c654ff008ee0d2bfdee95 ppc/8.2/RPMS/snort-snmp+flexresp-2.0.0-2.1mdk.ppc.rpm
     d365692eb1fd386fb9f1fb4b87973f2a ppc/8.2/RPMS/snort-snmp-2.0.0-2.1mdk.ppc.rpm
     2efb9950c70248f94b561f76bef88181 ppc/8.2/SRPMS/snort-2.0.0-2.1mdk.src.rpm

     Mandrake Linux 9.0:
     97c817bc7ddb5e1a89f4479668cf59f0 9.0/RPMS/snort-2.0.0-2.1mdk.i586.rpm
     ca9dec4bc5ba46f80a0724f6e0f5a138 9.0/RPMS/snort-bloat-2.0.0-2.1mdk.i586.rpm
     0262bcb71eea556cbee8c421e4ad1511 9.0/RPMS/snort-mysql+flexresp-2.0.0-2.1mdk.i586.rpm
     8dd41f46553707dc3adc6a82855df2ba 9.0/RPMS/snort-mysql-2.0.0-2.1mdk.i586.rpm
     46ad883dad9f77ce6d978171eb03de67 9.0/RPMS/snort-plain+flexresp-2.0.0-2.1mdk.i586.rpm
     3dd354f0c849c9765451b51fa93a0b4e 9.0/RPMS/snort-postgresql+flexresp-2.0.0-2.1mdk.i586.rpm
     8735c537e40937a7b3ae3f3c38d55162 9.0/RPMS/snort-postgresql-2.0.0-2.1mdk.i586.rpm
     73a866acec5d6e1abdde902d0d893968 9.0/RPMS/snort-snmp+flexresp-2.0.0-2.1mdk.i586.rpm
     cc0a606a5409213934b0c06fe2d44433 9.0/RPMS/snort-snmp-2.0.0-2.1mdk.i586.rpm
     2efb9950c70248f94b561f76bef88181 9.0/SRPMS/snort-2.0.0-2.1mdk.src.rpm

     Mandrake Linux 9.1:
     3436f5a3ec275a9e8d38b32a3e885b20 9.1/RPMS/snort-2.0.0-2.1mdk.i586.rpm
     c63d4e80b2b69dc8469a401d62e65de2 9.1/RPMS/snort-bloat-2.0.0-2.1mdk.i586.rpm
     0e12b7b79706198f6351c1d55d6c29a6 9.1/RPMS/snort-mysql+flexresp-2.0.0-2.1mdk.i586.rpm
     501bbbcfb86e0dbc5a1450f97d5df972 9.1/RPMS/snort-mysql-2.0.0-2.1mdk.i586.rpm
     b4151478633c30590a605e8fe110852e 9.1/RPMS/snort-plain+flexresp-2.0.0-2.1mdk.i586.rpm
     7f58e498e92d7b32bfa6c4b7a85c36c1 9.1/RPMS/snort-postgresql+flexresp-2.0.0-2.1mdk.i586.rpm
     b576a20571664d450504b3a51aae0417 9.1/RPMS/snort-postgresql-2.0.0-2.1mdk.i586.rpm
     76cb1fc010b384ef5ba0c236d85ce6e5 9.1/RPMS/snort-snmp+flexresp-2.0.0-2.1mdk.i586.rpm
     fca545c28a94eaabc6f10d7528d0e82c 9.1/RPMS/snort-snmp-2.0.0-2.1mdk.i586.rpm
     2efb9950c70248f94b561f76bef88181 9.1/SRPMS/snort-2.0.0-2.1mdk.src.rpm

     Mandrake Linux 9.1/PPC:
     6fedffede24c0334a8eeb858a826482f ppc/9.1/RPMS/snort-2.0.0-2.1mdk.ppc.rpm
     753051524999ae9f082e124bfc949ec2 ppc/9.1/RPMS/snort-bloat-2.0.0-2.1mdk.ppc.rpm
     905246e8240c13006760bbd56c0fbe9b ppc/9.1/RPMS/snort-mysql+flexresp-2.0.0-2.1mdk.ppc.rpm
     b8adb28a28341780014339e9cd1f4b8a ppc/9.1/RPMS/snort-mysql-2.0.0-2.1mdk.ppc.rpm
     d1537b80ce0d15e290d129edf9b6f02e ppc/9.1/RPMS/snort-plain+flexresp-2.0.0-2.1mdk.ppc.rpm
     16b0bbbc4729f8fdaf7d0554b45cd0e5 ppc/9.1/RPMS/snort-postgresql+flexresp-2.0.0-2.1mdk.ppc.rpm
     972676cf613c1d1313a6bf68d7f9f0d6 ppc/9.1/RPMS/snort-postgresql-2.0.0-2.1mdk.ppc.rpm
     7c79443a574b81db3345bac3c11c2f16 ppc/9.1/RPMS/snort-snmp+flexresp-2.0.0-2.1mdk.ppc.rpm
     4df4eef406078666a682a01935975678 ppc/9.1/RPMS/snort-snmp-2.0.0-2.1mdk.ppc.rpm
     2efb9950c70248f94b561f76bef88181 ppc/9.1/SRPMS/snort-2.0.0-2.1mdk.src.rpm

     Multi Network Firewall 8.2:
     a4514c067f2409606fe7706a35d8f3f7 mnf8.2/RPMS/snort-2.0.0-2.1mdk.i586.rpm
     2efb9950c70248f94b561f76bef88181 mnf8.2/SRPMS/snort-2.0.0-2.1mdk.src.rpm
    ________________________________________________________________________

    Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
    ________________________________________________________________________

    To upgrade automatically, use MandrakeUpdate. The verification of md5
    checksums and GPG signatures is performed automatically for you.

    If you want to upgrade manually, download the updated package from one
    of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". A list of
    FTP mirrors can be obtained from:

      http://www.mandrakesecure.net/en/ftp.php

    Please verify the update prior to upgrading to ensure the integrity of
    the downloaded package. You can do this with the command:

      rpm --checksig <filename>

    All packages are signed by MandrakeSoft for security. You can obtain
    the GPG public key of the Mandrake Linux Security Team from:

      https://www.mandrakesecure.net/RPM-GPG-KEYS

    Please be aware that sometimes it takes the mirrors a few hours to
    update.

    You can view other update advisories for Mandrake Linux at:

      http://www.mandrakesecure.net/en/advisories/

    MandrakeSoft has several security-related mailing list services that
    anyone can subscribe to. Information on these lists can be obtained by
    visiting:

      http://www.mandrakesecure.net/en/mlist.php

    If you want to report vulnerabilities, please contact

      security_linux-mandrake.com

    Type Bits/KeyID Date User ID
    pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
      <security linux-mandrake.com>

    - -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: GnuPG v1.0.7 (GNU/Linux)

    mQGiBDlp594RBAC2tDozI3ZgQsE7XwxurJCJrX0L5vx7SDByR5GHDdWekGhdiday
    L4nfUax+SeR9SCoCgTgPW1xB8vtQc8/sinJlMjp9197a2iKM0FOcPlkpa3HcOdt7
    WKJqQhlMrHvRcsivzcgqjH44GBBJIT6sygUF8k0lU6YnMHj5MPc/NGWt8wCg9vKo
    P0l5QVAFSsHtqcU9W8cc7wMEAJzQsAlnvPXDBfBLEH6u7ptWFdp0GvbSuG2wRaPl
    hynHvRiE01ZvwbJZXsPsKm1z7uVoW+NknKLunWKB5axrNXDHxCYJBzY3jTeFjsqx
    PFZkIEAQphLTkeXXelAjQ5u9tEshPswEtMvJvUgNiAfbzHfPYmq8D6x5xOw1IySg
    2e/LBACxr2UJYCCB2BZ3p508mAB0RpuLGukq+7UWiOizy+kSskIBg2O7sQkVY/Cs
    iyGEo4XvXqZFMY39RBdfm2GY+WB/5NFiTOYJRKjfprP6K1YbtsmctsX8dG+foKsD
    LLFs7OuVfaydLQYp1iiN6D+LJDSMPM8/LCWzZsgr9EKJ8NXiyrQ6TGludXggTWFu
    ZHJha2UgU2VjdXJpdHkgVGVhbSA8c2VjdXJpdHlAbGludXgtbWFuZHJha2UuY29t
    PohWBBMRAgAWBQI5aefeBAsKBAMDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmK6LAKCy
    /NInDsaMSI+WHwrquwC5PZrcnQCeI+v3gUDsNfQfiKBvQSANu1hdulqIRgQQEQIA
    BgUCOtNVGQAKCRBZ5w3um0pAJJWQAKDUoL5He+mKbfrMaTuyU5lmRyJ0fwCgoFAP
    WdvQlu/kFjphF740XeOwtOqIRgQQEQIABgUCOu8A6QAKCRBynDnb9lq3CnpjAJ4w
    Pk0SEE9U4r40IxWpwLU+wrWVugCdFfSPllPpZRCiaC7HwbFcfExRmPaIRgQQEQIA
    BgUCPI+UAwAKCRDniYrgcHcf8xK5AKCm/Mq8qP8GE0o1hEX22QsJMZwH5gCfZ72H
    8TacOb3oAmBdprf+K6gkdOiIRgQQEQIABgUCOtOieAAKCRCv2bZyU0yB80MeAJ9K
    +jXt0cKuaUonRU+CRGetk6t9dgCfTRRL6/puOKdD6md70+K5EBBSvsG0OE1hbmRy
    YWtlIExpbnV4IFNlY3VyaXR5IFRlYW0gPHNlY3VyaXR5QG1hbmRyYWtlc29mdC5j
    b20+iFcEExECABcFAjyPnuUFCwcKAwQDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmFi+
    AJsHhohgnU3ik4+gy3EdFlB2i/MBoACg6lHn5cnVvTcmgNccWxeNxLLZI5e5AQ0E
    OWnn7xAEAOQlTVY4TiNo5V/iP0J1xnqjqlqZsU7yEBKo/gZz6/+hx75RURe1ebiJ
    9F779FQbpJ9Epz1KLSXvq974rnVb813zuGdmgFyk+ryA/rTR2RQ8h+EoNkwmATzR
    xBXVJb57fFQjxOu4eNjZAtfII/YXb0uyXXrdr5dlJ/3eXrcO4p0XAAMFBACCxo6Z
    269s+A4v8C6Ui12aarOQcCDlV8cVG9LkyatU3FNTlnasqwo6EkaP572448weJWwN
    6SCXVl+xOYLiK0hL/6Jb/O9Agw75yUVdk+RMM2I4fNEi+y4hmfMh2siBv8yEkEvZ
    jTcl3TpkTfzYky85tu433wmKaLFOv0WjBFSikohGBBgRAgAGBQI5aefvAAoJEJqo
    0NAiRYqYid0AoJgeWzXrEdIClBOSW5Q6FzqJJyaqAKC0Y9YI3UFlE4zSIGjcFlLJ
    EJGXlA==
    =yGlX
    - -----END PGP PUBLIC KEY BLOCK-----

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.7 (GNU/Linux)

    iD8DBQE+rc7gmqjQ0CJFipgRAiufAJ0Wa5bQdmAunHSUUw+z2CYm4vAUbACcCJfl
    2WSQOdFu39Whu+U8sPBFXtE=
    =py2r
    -----END PGP SIGNATURE-----
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: _ _: "[Full-Disclosure] whingeing, moaning and bitching"

    Relevant Pages

    • MDKSA-2003:052 - Updated snort packages fix remote vulnerability
      ... An integer overflow was discovered in the Snort stream4 preprocessor ... by the Sourcefire Vulnerability Research Team. ... Mandrake Linux 8.2/PPC: ... All packages are signed by MandrakeSoft for security. ...
      (Bugtraq)
    • MDKSA-2001:079-2 - kernel updaet
      ... Alexander Viro discovered a vulnerability in the devfs implementation ... arbitrary amount of time in the kernel code. ... You can get the GPG public key of the Mandrake Linux Security Team at ...
      (Bugtraq)
    • MDKSA-2001:079-1 - kernel 2.4 update
      ... Subject: MDKSA-2001:079-1 - kernel 2.4 update ... Alexander Viro discovered a vulnerability in the devfs implementation ... You can get the GPG public key of the Mandrake Linux Security Team at ...
      (Bugtraq)
    • MDKSA-2001:053-1 - gnupg update
      ... A format string vulnerability exists in gnupg 1.0.5 and previous ... You can get the GPG public key of the Linux-Mandrake Security Team at ... Mandrake Linux 8.0: ...
      (Bugtraq)
    • [Full-Disclosure] MDKSA-2003:091 - Updated kdebase packages fix vulnerabilities in KDM
      ... KDM may grant local root access to any user with valid ... It is also possible that this vulnerability ... Mandrake Linux 9.0: ... All packages are signed by MandrakeSoft for security. ...
      (Full-Disclosure)