| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: aliz at gentoo.org (Daniel Ahlberg) Subject: GLSA: snort (200303-6.1) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - --------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200303-6.1 - - - --------------------------------------------------------------------- PACKAGE : snort SUMMARY : buffer overflow DATE : 2003-03-06 10:59 UTC EXPLOIT : remote VERSIONS AFFECTED : <1.9.1 FIXED VERSION : =>1.9.1 CVE : CAN-2003-0033 - - - --------------------------------------------------------------------- - - From advisory: "Remote attackers may exploit the buffer overflow condition to run arbitrary code on a Snort sensor with the privileges of the Snort IDS process, which typically runs as the superuser. The vulnerable preprocessor is enabled by default. It is not necessary to establish an actual connection to a RPC portmapper service to exploit this vulnerability." Read the full advisory at: http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951 SOLUTION It is recommended that all Gentoo Linux users who are running net-analyzer/snort upgrade to snort-1.9.1 as follows: emerge sync emerge -u snort emerge clean - - - --------------------------------------------------------------------- aliz@...too.org - GnuPG key is available at http://cvs.gentoo.org/~aliz - - - --------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+aIVJfT7nyhUpoZMRAlEBAJ9bQ2DtVTLgZDqUXfbAIB3Ruwd/dQCgh81e V2BQR1tEGzaUGMhWAbtiSng= =RkkJ -----END PGP SIGNATURE-----
Powered by blists - more mailing lists