Mandriva Linux Security Advisory 2009-259 - preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment. The updated packages have been patched to prevent this. Additionally there were problems with two rules in the snort-rules package for 2008.0 that is also fixed with this update. Packages for 2008.0 are being provided due to extended support for Corporate products.
ee5fec922445fc73e30d9ef005c7991028e684036a55c43cce10e70dfe8a3b98
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:259-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : snort
Date : December 11, 2009
Affected: 2008.0
_______________________________________________________________________
Problem Description:
preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not
properly identify packet fragments that have dissimilar TTL values,
which allows remote attackers to bypass detection rules by using a
different TTL for each fragment. (CVE-2008-1804)
The updated packages have been patched to prevent this.
Additionally there were problems with two rules in the snort-rules
package for 2008.0 that is also fixed with this update.
Update:
Packages for 2008.0 are being provided due to extended support for
Corporate products.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1804
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
c6835024a29a5c1156ec1bcabe7a930e 2008.0/i586/snort-2.7.0.1-2.1mdv2008.0.i586.rpm
098ce3906b38dbc27781a50b78ecbbad 2008.0/i586/snort-bloat-2.7.0.1-2.1mdv2008.0.i586.rpm
d7657089df1764a9e39ddd2b51184a49 2008.0/i586/snort-inline-2.7.0.1-2.1mdv2008.0.i586.rpm
f4f32580e4d373f60851e86b8f7c9bc0 2008.0/i586/snort-inline+flexresp-2.7.0.1-2.1mdv2008.0.i586.rpm
a62fad5150fcbf898093874f98a8fd1f 2008.0/i586/snort-mysql-2.7.0.1-2.1mdv2008.0.i586.rpm
debc1944271f72611659243643df0b37 2008.0/i586/snort-mysql+flexresp-2.7.0.1-2.1mdv2008.0.i586.rpm
a409dad0f0fff1d22464aec4099ac9c0 2008.0/i586/snort-plain+flexresp-2.7.0.1-2.1mdv2008.0.i586.rpm
0e23ae93be9946cbcfd4df66beac3233 2008.0/i586/snort-postgresql-2.7.0.1-2.1mdv2008.0.i586.rpm
c52e0e33c8fc3c01037e2f552897eda0 2008.0/i586/snort-postgresql+flexresp-2.7.0.1-2.1mdv2008.0.i586.rpm
d3122af0d714bfb08757af1dc62cfb23 2008.0/i586/snort-prelude-2.7.0.1-2.1mdv2008.0.i586.rpm
0b887e9d0dee5fa77feae8143d134ba9 2008.0/i586/snort-prelude+flexresp-2.7.0.1-2.1mdv2008.0.i586.rpm
a9e6bf9e1993eacd1063832575ffe977 2008.0/i586/snort-rules-2.3.3-4.1mdv2008.0.noarch.rpm
00f5191e8a96520bddec9103643e0749 2008.0/SRPMS/snort-2.7.0.1-2.1mdv2008.0.src.rpm
0be9e2861d2c13d582f40e6f1bd8e658 2008.0/SRPMS/snort-rules-2.3.3-4.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
d2f029f4ec84f06776fb384e56e4d721 2008.0/x86_64/snort-2.7.0.1-2.1mdv2008.0.x86_64.rpm
6c8ec7d6879e031ced36dc513bb7fe74 2008.0/x86_64/snort-bloat-2.7.0.1-2.1mdv2008.0.x86_64.rpm
fe4d3026e064ff96a18d3efe30d66751 2008.0/x86_64/snort-inline-2.7.0.1-2.1mdv2008.0.x86_64.rpm
cc1a7cae0cab080fa9988f4c98e79815 2008.0/x86_64/snort-inline+flexresp-2.7.0.1-2.1mdv2008.0.x86_64.rpm
d82f9aeb3e9830dbe800ba56174d4db8 2008.0/x86_64/snort-mysql-2.7.0.1-2.1mdv2008.0.x86_64.rpm
a3dbf00d5ef116b42bd976ee9ade5fa3 2008.0/x86_64/snort-mysql+flexresp-2.7.0.1-2.1mdv2008.0.x86_64.rpm
0418bd642265eceadb17fe715420df23 2008.0/x86_64/snort-plain+flexresp-2.7.0.1-2.1mdv2008.0.x86_64.rpm
c230b6a1c20e51b2677ff1ae03cb5a15 2008.0/x86_64/snort-postgresql-2.7.0.1-2.1mdv2008.0.x86_64.rpm
d77df31ddcf18a7a7593e5066b718b5b 2008.0/x86_64/snort-postgresql+flexresp-2.7.0.1-2.1mdv2008.0.x86_64.rpm
7acf1860096c4e33a4f98b761238eb8c 2008.0/x86_64/snort-prelude-2.7.0.1-2.1mdv2008.0.x86_64.rpm
1650df9efae93915a664dc8fd241e541 2008.0/x86_64/snort-prelude+flexresp-2.7.0.1-2.1mdv2008.0.x86_64.rpm
bf0455c5009baba5e69fd36be577395f 2008.0/x86_64/snort-rules-2.3.3-4.1mdv2008.0.noarch.rpm
00f5191e8a96520bddec9103643e0749 2008.0/SRPMS/snort-2.7.0.1-2.1mdv2008.0.src.rpm
0be9e2861d2c13d582f40e6f1bd8e658 2008.0/SRPMS/snort-rules-2.3.3-4.1mdv2008.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLInBCmqjQ0CJFipgRAmbZAJ4qNSA8+ArtaunQm/WVInVF69aXZQCgynQX
llu8khCpY699YQhOA1z6Nog=
=pqEG
-----END PGP SIGNATURE-----
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed