Your message dated Tue, 28 Oct 2008 21:17:14 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#483160: fixed in snort 2.7.0-20.1
has caused the Debian Bug report #483160,
regarding CVE-2008-1804: possibility to bypass detection rules
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
483160: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483160
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: snort
Severity: grave
Tags: security
Justification: user security hole
Hi
The following CVE(0) has been issued against snort.
CVE-2008-1804:
preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not
properly identify packet fragments that have dissimilar TTL values,
which allows remote attackers to bypass detection rules by using a
different TTL for each fragment.
The upstream patch is here(1), but I guess it has to be backported.
In case you fix this issue by an upload, please mention the CVE id in
your changelog.
Cheers
Steffen
(0): http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1804
(1):
http://cvs.snort.org/viewcvs.cgi/snort/src/preprocessors/spp_frag3.c.diff?r1=text&tr1=1.46.2.4&r2=text&tr2=1.46.2.5&diff_format=h
--- End Message ---
--- Begin Message ---
Source: snort
Source-Version: 2.7.0-20.1
We believe that the bug you reported is fixed in the latest version of
snort, which is due to be installed in the Debian FTP archive:
snort-common-libraries_2.7.0-20.1_i386.deb
to pool/main/s/snort/snort-common-libraries_2.7.0-20.1_i386.deb
snort-common_2.7.0-20.1_all.deb
to pool/main/s/snort/snort-common_2.7.0-20.1_all.deb
snort-doc_2.7.0-20.1_all.deb
to pool/main/s/snort/snort-doc_2.7.0-20.1_all.deb
snort-mysql_2.7.0-20.1_i386.deb
to pool/main/s/snort/snort-mysql_2.7.0-20.1_i386.deb
snort-pgsql_2.7.0-20.1_i386.deb
to pool/main/s/snort/snort-pgsql_2.7.0-20.1_i386.deb
snort-rules-default_2.7.0-20.1_all.deb
to pool/main/s/snort/snort-rules-default_2.7.0-20.1_all.deb
snort_2.7.0-20.1.dsc
to pool/main/s/snort/snort_2.7.0-20.1.dsc
snort_2.7.0-20.1.tar.gz
to pool/main/s/snort/snort_2.7.0-20.1.tar.gz
snort_2.7.0-20.1_i386.deb
to pool/main/s/snort/snort_2.7.0-20.1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Javier Fernandez-Sanguino Pen~a <[EMAIL PROTECTED]> (supplier of updated snort
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 28 Oct 2008 21:32:48 +0100
Source: snort
Binary: snort snort-common snort-doc snort-mysql snort-pgsql
snort-rules-default snort-common-libraries
Architecture: source i386 all
Version: 2.7.0-20.1
Distribution: unstable
Urgency: low
Maintainer: Javier Fernandez-Sanguino Pen~a <[EMAIL PROTECTED]>
Changed-By: Javier Fernandez-Sanguino Pen~a <[EMAIL PROTECTED]>
Description:
snort - flexible Network Intrusion Detection System
snort-common - flexible Network Intrusion Detection System [common files]
snort-common-libraries - flexible Network Intrusion Detection System ruleset
snort-doc - Documentation for the Snort IDS [documentation]
snort-mysql - flexible Network Intrusion Detection System [MySQL]
snort-pgsql - flexible Network Intrusion Detection System [PostgreSQL]
snort-rules-default - flexible Network Intrusion Detection System ruleset
Closes: 483160
Changes:
snort (2.7.0-20.1) unstable; urgency=low
.
* Upload to testing-proposed-updates to fix security bug CVE-2008-1804 (see
below). This package cannot go through sid since the sid build uses
a newer libpcre version not available in lenny. (Closes: #483160)
Checksums-Sha1:
117d833139546dcd534f884249127fd77586a026 1159 snort_2.7.0-20.1.dsc
c3bf0df8afa1439657a20fa13e3fb918938e65fc 4706566 snort_2.7.0-20.1.tar.gz
592bd6a526d8fc6ae87809c9d1cca46d807618d5 463308 snort_2.7.0-20.1_i386.deb
08c320a58b4eb2b18413c47b974bf16a419f42c6 474258 snort-mysql_2.7.0-20.1_i386.deb
61cf1d10cd172a1e451eb2c5c31520703ffd047e 474070 snort-pgsql_2.7.0-20.1_i386.deb
70dffa5426708d3f55279d3c676db8b31b1de3d3 244370
snort-common-libraries_2.7.0-20.1_i386.deb
66f4f1bfc30ebbd1dccd5f85d17c8902244727f3 147180 snort-common_2.7.0-20.1_all.deb
70a4d0198e9786fa6d2aec022193ba9aa0b2af13 2303660 snort-doc_2.7.0-20.1_all.deb
9e171a0250c2ed8accbedf24d2cb47ea34b29e9b 401984
snort-rules-default_2.7.0-20.1_all.deb
Checksums-Sha256:
958cfd7fc9bb6e56fdfb05307bf86a053bf98d18f9163e9b64cf3c0fadea09a5 1159
snort_2.7.0-20.1.dsc
98426744c70d4532376bf4219a2c3b39fd3f76a14f2efbd437ea081bab6803d2 4706566
snort_2.7.0-20.1.tar.gz
df619b173a42559a79999356a4a9ba1c3be4d54f7de0039a43d319ea4db1baa9 463308
snort_2.7.0-20.1_i386.deb
199e1b88731e2a01f250cd8d2098937dbbbd810300b6e5d779f67d761a57f1cb 474258
snort-mysql_2.7.0-20.1_i386.deb
0af933023785faf32c4dfb4159252858d2ab91c208c11a2acf445b2e950695e1 474070
snort-pgsql_2.7.0-20.1_i386.deb
e2b5fddaeb7ba77b9cdd5259f028eaf5263865fe7de765ab8c874b2096e91785 244370
snort-common-libraries_2.7.0-20.1_i386.deb
be63a4a99193c9ca5573b4eacb7082be013f7c6e0efcd083eb0dadfd4583b387 147180
snort-common_2.7.0-20.1_all.deb
1f166b49e531b037a0f4e371c10d772b47c7b4d92e591b4695c237480ddf90a8 2303660
snort-doc_2.7.0-20.1_all.deb
05f221c5b20766bdc040480826de6bbd65fc79bcfae8cd39a95b17d38feca4bc 401984
snort-rules-default_2.7.0-20.1_all.deb
Files:
7255a25d2a487e1d88d752adfc190661 1159 net optional snort_2.7.0-20.1.dsc
57ab3e2c212726f9d0e8fc691853dda8 4706566 net optional snort_2.7.0-20.1.tar.gz
ee3f544296786ed1ae1369cae0342f4b 463308 net optional snort_2.7.0-20.1_i386.deb
d1fc7800ddd45a30fd00310db98a500c 474258 net extra
snort-mysql_2.7.0-20.1_i386.deb
61042d53bfa98cfcba9e3833bbf6ea1c 474070 net optional
snort-pgsql_2.7.0-20.1_i386.deb
9219f169fd29ef4634f4748821476878 244370 net optional
snort-common-libraries_2.7.0-20.1_i386.deb
66bf4eef6170a88859f372f02acee759 147180 net optional
snort-common_2.7.0-20.1_all.deb
ed3988869fbf939a2d429499b0e9e536 2303660 doc optional
snort-doc_2.7.0-20.1_all.deb
ef0decc0ed9014849dac49aac0bfc584 401984 net optional
snort-rules-default_2.7.0-20.1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJB3uTsandgtyBSwkRAhDYAJ9JxOKoBr5awSSY4/Jo8aSHGYz0zACfQRwH
hn6iuIA7uxbCYahcCS5wCY0=
=TIBm
-----END PGP SIGNATURE-----
--- End Message ---