Snort exploit in wild.

2003-04-25 Thread David Ramsden
Hi, Noticed on vil.mcafee.com that a proof of concept exploit for Snort to exploit the vuln. found in v1.8 through to 1.9.1. Packet Storm Security have this proof of concept on their site (local exploit at the moment). It uses a call-back technique to spawn a shell on the attacker's machine, via

Re: Snort exploit in wild.

2003-04-25 Thread Marcel Weber
David Ramsden wrote: Hi, Noticed on vil.mcafee.com that a proof of concept exploit for Snort to exploit the vuln. found in v1.8 through to 1.9.1. Packet Storm Security have this proof of concept on their site (local exploit at the moment). It uses a call-back technique to spawn a shell on the

Re: Snort exploit in wild.

2003-04-25 Thread Gian Piero Carrubba
On Fri, 2003-04-25 at 11:19, David Ramsden wrote: Noticed on vil.mcafee.com that a proof of concept exploit for Snort to exploit the vuln. found in v1.8 through to 1.9.1. up to 2.0rc1 as reported by cert What's the status of a patch from Debian Security? No DSA yet either. I know

Re: Snort exploit in wild.

2003-04-25 Thread David Ramsden
On Fri, Apr 25, 2003 at 12:13:38PM +0200, Marcel Weber wrote: David Ramsden wrote: [snip] Following the advice from heise.de [1] it should be enough to comment out the line: preprocessor stream4_reassemble in your /etc/snort/snort.conf as the vulnerability is in this module. Of

Re: Snort exploit in wild.

2003-04-25 Thread David Ramsden
- Forwarded message from Marcel Weber [EMAIL PROTECTED] - From: Marcel Weber [EMAIL PROTECTED] To: David Ramsden [EMAIL PROTECTED] Cc: debian-security@lists.debian.org Subject: Re: Snort exploit in wild. X-Virus-Scanned: by AMaViS and OpenAntivirus ScannerDaemon X-Spam-Status: No, hits

Re: Snort exploit in wild.

2003-04-25 Thread Nick Boyce
On Fri, 25 Apr 2003 10:19:59 +0100, David Ramsden wrote: Noticed on vil.mcafee.com that a proof of concept exploit for Snort to exploit the vuln. found in v1.8 through to 1.9.1. [...] What's the status of a patch from Debian Security? No DSA yet either. I know this has been brought up a few times

Re: Snort exploit in wild.

2003-04-25 Thread Noah Meyerhans
On Fri, Apr 25, 2003 at 10:44:49PM +0100, Nick Boyce wrote: The general consensus of opinion (including the Debian packager) was that *nobody* should even consider using the V1.8.4 Snort package in Woody - it's much too old, and has a number of security issues. It's not really that it has a