Your message dated Wed, 22 Oct 2008 02:17:06 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#483160: fixed in snort 2.7.0-20
has caused the Debian Bug report #483160,
regarding CVE-2008-1804: possibility to bypass detection rules
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
483160: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483160
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: snort
Severity: grave
Tags: security
Justification: user security hole

Hi

The following CVE(0) has been issued against snort.

CVE-2008-1804:

preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not
properly identify packet fragments that have dissimilar TTL values,
which allows remote attackers to bypass detection rules by using a
different TTL for each fragment.

The upstream patch is here(1), but I guess it has to be backported.


In case you fix this issue by an upload, please mention the CVE id in
your changelog.

Cheers
Steffen

(0): http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1804

(1): 
http://cvs.snort.org/viewcvs.cgi/snort/src/preprocessors/spp_frag3.c.diff?r1=text&tr1=1.46.2.4&r2=text&tr2=1.46.2.5&diff_format=h



--- End Message ---
--- Begin Message ---
Source: snort
Source-Version: 2.7.0-20

We believe that the bug you reported is fixed in the latest version of
snort, which is due to be installed in the Debian FTP archive:

snort-common-libraries_2.7.0-20_i386.deb
  to pool/main/s/snort/snort-common-libraries_2.7.0-20_i386.deb
snort-common_2.7.0-20_all.deb
  to pool/main/s/snort/snort-common_2.7.0-20_all.deb
snort-doc_2.7.0-20_all.deb
  to pool/main/s/snort/snort-doc_2.7.0-20_all.deb
snort-mysql_2.7.0-20_i386.deb
  to pool/main/s/snort/snort-mysql_2.7.0-20_i386.deb
snort-pgsql_2.7.0-20_i386.deb
  to pool/main/s/snort/snort-pgsql_2.7.0-20_i386.deb
snort-rules-default_2.7.0-20_all.deb
  to pool/main/s/snort/snort-rules-default_2.7.0-20_all.deb
snort_2.7.0-20.diff.gz
  to pool/main/s/snort/snort_2.7.0-20.diff.gz
snort_2.7.0-20.dsc
  to pool/main/s/snort/snort_2.7.0-20.dsc
snort_2.7.0-20_i386.deb
  to pool/main/s/snort/snort_2.7.0-20_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Javier Fernandez-Sanguino Pen~a <[EMAIL PROTECTED]> (supplier of updated snort 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 22 Oct 2008 01:33:34 +0200
Source: snort
Binary: snort snort-common snort-doc snort-mysql snort-pgsql 
snort-rules-default snort-common-libraries
Architecture: source i386 all
Version: 2.7.0-20
Distribution: unstable
Urgency: high
Maintainer: Javier Fernandez-Sanguino Pen~a <[EMAIL PROTECTED]>
Changed-By: Javier Fernandez-Sanguino Pen~a <[EMAIL PROTECTED]>
Description: 
 snort      - flexible Network Intrusion Detection System
 snort-common - flexible Network Intrusion Detection System [common files]
 snort-common-libraries - flexible Network Intrusion Detection System ruleset
 snort-doc  - Documentation for the Snort IDS [documentation]
 snort-mysql - flexible Network Intrusion Detection System [MySQL]
 snort-pgsql - flexible Network Intrusion Detection System [PostgreSQL]
 snort-rules-default - flexible Network Intrusion Detection System ruleset
Closes: 483160
Changes: 
 snort (2.7.0-20) unstable; urgency=high
 .
   [ CVE-2008-1804 ]
   * Fix error in preprocessors/spp_frag3.c that prevented Snort from properly
     identifying packet fragments that had dissimilar TTL values, which allowed
     remote attackers to bypass detection rules by using a different TTL for
     each fragment. Also update src/generators.h to include the new 
FRAG3_MIN_TTL
     defines (Closes: #483160)
Checksums-Sha1: 
 5715d78589ebcd157fe4de64ca9536e6e2d32747 1392 snort_2.7.0-20.dsc
 8b5448d1cd5c8748e84bedc0e1cbc6709be598a3 1600986 snort_2.7.0-20.diff.gz
 1dff864fa77db23f776ceb392ad5efdc568bee8c 463238 snort_2.7.0-20_i386.deb
 adbdbd534bd5ad00a40a9f386080e9faa890fc84 474122 snort-mysql_2.7.0-20_i386.deb
 b9baa99b56161fdbf8b23569951b03adb81e3947 473916 snort-pgsql_2.7.0-20_i386.deb
 fb9f4d3d261c27fecdd43901db7a45de36cc0b1c 244248 
snort-common-libraries_2.7.0-20_i386.deb
 1dcbe60912b411c6eb3632e6b7604cf4cfb12673 147070 snort-common_2.7.0-20_all.deb
 27325930bd2638927318035c41a19f789729d95d 2303508 snort-doc_2.7.0-20_all.deb
 87668a8c29c6c226401bf5e37d0cb3af460d4cb5 401880 
snort-rules-default_2.7.0-20_all.deb
Checksums-Sha256: 
 c737aa9a89f68e1cb9e4abf6748c28e400ee6ce9dafebce2f561ba8a6cd8dcef 1392 
snort_2.7.0-20.dsc
 ba7a2d81fcbca7ab248c7c84d50dde6319307260b069343c77baf5c71fdb9043 1600986 
snort_2.7.0-20.diff.gz
 444d212f3a2b664f82115c009870fd6c3337ba8193e46721f66ae9ca9c385cc7 463238 
snort_2.7.0-20_i386.deb
 1cde6e6d00a1123d6743d73b43b818577870a880bb55ba43f149e8d7b463b2e1 474122 
snort-mysql_2.7.0-20_i386.deb
 1f02d8e9cd366bd737047e1c23d9b79c897b663d0e3d8fb600637bdf0971b535 473916 
snort-pgsql_2.7.0-20_i386.deb
 460eecd5b7cc7f51324e7ab18cd313093afc04f8b38f2b293c2bfbd4ed39aefa 244248 
snort-common-libraries_2.7.0-20_i386.deb
 57eaa708f33376bc44c95026fb257008a0ab285b7818d0405b7cb4e60bffa796 147070 
snort-common_2.7.0-20_all.deb
 93e33bd93419998219f526f2003346ec6ad22a45e1ed3afa7991075365fb2197 2303508 
snort-doc_2.7.0-20_all.deb
 2e4489f329852a2a0511ab3a144605c05a1379fbb4400d0b5abbf88ffc8bfabe 401880 
snort-rules-default_2.7.0-20_all.deb
Files: 
 1cf8829fdd97bf0fdf90d71598947694 1392 net optional snort_2.7.0-20.dsc
 575397c4d234682d1a9de7b241d9a295 1600986 net optional snort_2.7.0-20.diff.gz
 ac136017e54de303248242c8ed4638e4 463238 net optional snort_2.7.0-20_i386.deb
 3ead32c6482452f8fc2a78b647020dbb 474122 net extra snort-mysql_2.7.0-20_i386.deb
 34a59ec79df1d783d20ed0bf79585d0a 473916 net optional 
snort-pgsql_2.7.0-20_i386.deb
 d9cf262932eb3359b4d04715be10cff8 244248 net optional 
snort-common-libraries_2.7.0-20_i386.deb
 be86e329b462da4794d942dde7093a35 147070 net optional 
snort-common_2.7.0-20_all.deb
 24d43dad8958e5513f85c51b77728128 2303508 doc optional 
snort-doc_2.7.0-20_all.deb
 16389418423eac368f7c8605c9457a28 401880 net optional 
snort-rules-default_2.7.0-20_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFI/oYfsandgtyBSwkRAiwqAJsFG1qdFefeX034fyQ7urNmWb2QngCfdA/l
xTlXqycQmaPuUbWPzm6KEQY=
=ZrON
-----END PGP SIGNATURE-----



--- End Message ---

Reply via email to