[Bug 235901]
Thank you for reporting this bug and helping to make Ubuntu better. The package referred to in this bug is in universe or multiverse and reported against a release of Ubuntu (hardy) which no longer receives updates outside of the explicitly supported LTS packages.

While the bug against hardy is being marked Won't Fix for now, if you are interested feel free to post a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

Please feel free to report any other bugs you may find.

** Changed in: snort (Ubuntu Hardy)
   Status: New => Won't Fix

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/235901

Title:
  [CVE-2008-1804] Snort IP fragment TTL evasion vulnerability

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/snort/+bug/235901/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 235901] Re: [CVE-2008-1804] Snort IP fragment TTL evasion vulnerability
** Branch linked: lp:ubuntu/snort
[Bug 235901] Re: [CVE-2008-1804] Snort IP fragment TTL evasion vulnerability
The 18 month support period for Gutsy Gibbon 7.10 has reached its end of life - http://www.ubuntu.com/news/ubuntu-7.10-eol . As a result, we are closing the Gutsy task.

** Changed in: snort (Ubuntu Gutsy)
   Status: New => Won't Fix
[Bug 235901] Re: [CVE-2008-1804] Snort IP fragment TTL evasion vulnerability
** Changed in: snort (Ubuntu)
   Importance: Undecided => Low
   Status: New => Confirmed
[Bug 235901] Re: [CVE-2008-1804] Snort IP fragment TTL evasion vulnerability
This bug was fixed in the package snort - 2.7.0-19ubuntu1

---
snort (2.7.0-19ubuntu1) intrepid; urgency=low

  * src/preprocessors/flow/portscan/server_stats.c:
    - Specify mode permission during open call, fix FTBFS.
  * Apply patch from upstream CVS to let frag3 to remove enforcement of ttl_limit. Add preprocessor alert for min_ttl anomaly (LP: #235901).
  * References:
    - CVE-2008-1804
    - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1804

snort (2.7.0-19) unstable; urgency=low

  * Make the snort_rules_update example script use bash instead of sh. (Closes: #489662)

snort (2.7.0-18) unstable; urgency=low

  * Romain debconf translation provided by Eddy Petrior (Closes: 486137)
  * Swedish debconf translation provided by Martin Bagge (Closes: 491785)

 -- Luca Falavigna [EMAIL PROTECTED] Mon, 15 Sep 2008 21:22:19 +0200

** Changed in: snort (Ubuntu)
   Status: Confirmed => Fix Released
[Bug 235901] [NEW] [CVE-2008-1804] Snort IP fragment TTL evasion vulnerability
*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: snort

CVE-2008-1804 description:

Remote exploitation of a design error vulnerability in Snort [...] could allow an attacker to bypass filter rules.

Due to a design error vulnerability, Snort does not properly reassemble fragmented IP packets. When receiving incoming fragments, Snort checks the Time To Live (TTL) value of the fragment, and compares it to the TTL of the initial fragment. If the difference between the initial fragment and the following fragments is more than a configured amount, the fragments will be silently discarded. This results in valid traffic not being examined and/or filtered by Snort.

[...]

iDefense has confirmed the existence of this vulnerability in Snort 2.8 and 2.6. Snort 2.4 is not vulnerable.

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=701

preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment.

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1804

** Affects: snort (Ubuntu)
   Importance: Undecided
   Status: New

** Visibility changed to: Public

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1804
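
The reassembly behaviour described in the report and in the changelog entry above, as an added example that is not part of the original messages and is not Snort's code: a constructed three-fragment payload is rebuilt once with fragments dropped when their TTL differs from the first fragment's by more than an assumed `ttl_limit` of 5, and once with every fragment kept. The `frag` structure, the sample data, the `SIGNATURE` string and the outlier count are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of an IP fragment; not Snort's own structure. */
struct frag { size_t off; int ttl; const char *data; };
/* Constructed sample: one datagram in three fragments, middle TTL differs. */
static const struct frag SAMPLE[] = {
    {0, 64, "EXAMPLE-"}, {8, 40, "SIGNA"}, {13, 64, "TURE"} };
#define NFRAGS (sizeof SAMPLE / sizeof SAMPLE[0])
#define TTL_LIMIT 5   /* assumed ttl_limit setting for this example */

/* Rebuild the payload as the sensor sees it. With enforce != 0, fragments
 * whose TTL differs from the first fragment's by more than TTL_LIMIT are
 * silently dropped. Returns the outlier count; unseen bytes stay '?'. */
static int reassemble(int enforce, char *out, size_t outsz)
{
    int outliers = 0;
    size_t end = 0;
    memset(out, '?', outsz);
    for (size_t i = 0; i < NFRAGS; i++) {
        size_t len = strlen(SAMPLE[i].data);
        int is_outlier = abs(SAMPLE[i].ttl - SAMPLE[0].ttl) > TTL_LIMIT;
        outliers += is_outlier;
        if (is_outlier && enforce) continue;        /* never inspected */
        if (SAMPLE[i].off + len >= outsz) continue; /* would not fit */
        memcpy(out + SAMPLE[i].off, SAMPLE[i].data, len);
        if (SAMPLE[i].off + len > end) end = SAMPLE[i].off + len;
    }
    out[end] = '\0';
    return outliers;
}

/* 1 if a content rule for "SIGNATURE" would match the sensor's view. */
static int rule_matches(int enforce)
{
    char buf[64];
    reassemble(enforce, buf, sizeof buf);
    return strstr(buf, "SIGNATURE") != NULL;
}

int main(void)
{
    char buf[64];
    for (int enforce = 1; enforce >= 0; enforce--) {
        int n = reassemble(enforce, buf, sizeof buf);
        printf("enforce=%d view=%s outliers=%d match=%d\n",
               enforce, buf, n, rule_matches(enforce));
    }
    return 0;
}
```

With enforcement on, the sensor's view has a hole where the middle fragment was and the rule does not match; with enforcement off, the full payload is inspected and the TTL outlier is still counted for reporting.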