Bug#553584: CVE-2009-3641: DoS while printing specially-crafted IPv6 packet using the -v option

2010-01-11 Thread Javier Fernández-Sanguino Peña
On Sun, Nov 01, 2009 at 10:41:20AM +0100, Giuseppe Iuculano wrote:
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for snort.
>
> CVE-2009-3641[0]:
> | Snort before 2.8.5.1, when the -v option is enabled, allows remote
> | attackers to cause a denial of service (application crash) via a
> | crafted IPv6 packet that uses the (1) TCP or (2) ICMP protocol.

On review, the Snort packages provided by Debian are *not* vulnerable to this
bug. We do not enable IPv6 support in Snort, as we don't compile it with
IPv6 support (--enable-ipv6 flag). The DoS can only be exploited if IPv6
support has been compiled in (and even so, in a non-standard configuration
that Snort packages do not use).

Consequently, I'm downgrading the severity of the bug and will fix it with
the next upstream release I package (2.8.5.x) once I fix the building issues
I have with this next release.

As this bug is not relevant to us (it exists in the source code but it is not
exploitable) I'm not inclined to dig up the patch from the sources (the
Snort team merged the fix with a new upstream release, they did not produce a
separate patch) and fix the stable and oldstable releases. If the Security
Team believes this merits a DSA for stable and oldstable, I will work on it
for fixing the released versions through a specific patch.

Regards,

Javier

[1] http://seclists.org/fulldisclosure/2009/Oct/299




Bug#553584: CVE-2009-3641: DoS while printing specially-crafted IPv6 packet using the -v option

2009-11-01 Thread Giuseppe Iuculano
Package: snort
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for snort.

CVE-2009-3641[0]:
| Snort before 2.8.5.1, when the -v option is enabled, allows remote
| attackers to cause a denial of service (application crash) via a
| crafted IPv6 packet that uses the (1) TCP or (2) ICMP protocol.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3641
http://security-tracker.debian.org/tracker/CVE-2009-3641




