On Sun, Nov 01, 2009 at 10:41:20AM +0100, Giuseppe Iuculano wrote: > Hi, > the following CVE (Common Vulnerabilities & Exposures) id was > published for snort. > > CVE-2009-3641[0]: > | Snort before 2.8.5.1, when the -v option is enabled, allows remote > | attackers to cause a denial of service (application crash) via a > | crafted IPv6 packet that uses the (1) TCP or (2) ICMP protocol.
On review, the Snort packages provided by Debian are *not* vulnerable to this bug. We do not enable IPv6 support in Snort, as we don't compile it with Ipv6 support (--enable-ipv6 flag). The DoS can only be exploited if IPv6 support has been compiled in (and even so, in a non-standard configuration that Snort packages do not use). Consequently, I'm downgrading the severity of the bug and will fix it with the next upstream release I package (2.8.5.x) once I fix the building issues I have with this next release. As this bug is not relevant to us (it exists in the source code but it is not exploitable) I'm not inclined to digging up the patch from the sources (the Snort team merged the fix with a new upstream release, they did not produce a separate patch) and fixing the stable and oldstable releases. If the Security Teams believes this merits a DSA for stable and oldstable, I will work on it for fixing the released versions through a specific patch. Regards, Javier [1] http://seclists.org/fulldisclosure/2009/Oct/299
signature.asc
Description: Digital signature