Mandriva Linux Security Advisory 2009-259 - preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment. The updated packages have been patched to prevent this.
28c2075c1e4286319cc937a5d2585bf98b1ac3991c45cf7ef0e9bb1a1fa81964
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:259
https://www.mandriva.com/security/
_______________________________________________________________________
Package : snort
Date : October 7, 2009
Affected: 2008.1
_______________________________________________________________________
Problem Description:
preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not
properly identify packet fragments that have dissimilar TTL values,
which allows remote attackers to bypass detection rules by using a
different TTL for each fragment. (CVE-2008-1804)
The updated packages have been patched to prevent this.
_______________________________________________________________________
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1804
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.1:
dc3906dc1d48752b0028db52dda4e9b4 2008.1/i586/snort-2.8.0.1-0.3mdv2008.1.i586.rpm
6c34aaba7a0021ccc797674b1b80bd46 2008.1/i586/snort-bloat-2.8.0.1-0.3mdv2008.1.i586.rpm
c95670f1057d26073663beb067704575 2008.1/i586/snort-inline-2.8.0.1-0.3mdv2008.1.i586.rpm
f38aca6368004b309de50a9e89ae4711 2008.1/i586/snort-inline+flexresp-2.8.0.1-0.3mdv2008.1.i586.rpm
ae5e49f3664e21fd7576f27d51f0ab16 2008.1/i586/snort-mysql-2.8.0.1-0.3mdv2008.1.i586.rpm
72378abc8bded4a46f4a4742a76bf071 2008.1/i586/snort-mysql+flexresp-2.8.0.1-0.3mdv2008.1.i586.rpm
9b91fb239c850094fe3d068d5e8ac4b2 2008.1/i586/snort-plain+flexresp-2.8.0.1-0.3mdv2008.1.i586.rpm
da019e8b5e97df18c4730a539c0f9138 2008.1/i586/snort-postgresql-2.8.0.1-0.3mdv2008.1.i586.rpm
795e63ccf0f37e51c650eec1c22f59bc 2008.1/i586/snort-postgresql+flexresp-2.8.0.1-0.3mdv2008.1.i586.rpm
dc86b9a563093dc6e723ea7b76ea38ce 2008.1/i586/snort-prelude-2.8.0.1-0.3mdv2008.1.i586.rpm
2a397c8290156cf78fda4bbab18677e4 2008.1/i586/snort-prelude+flexresp-2.8.0.1-0.3mdv2008.1.i586.rpm
745baaa0d4e9b8c8a874f05e1742a77e 2008.1/SRPMS/snort-2.8.0.1-0.3mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
4540092c49a3dabb3401e95de9dde397 2008.1/x86_64/snort-2.8.0.1-0.3mdv2008.1.x86_64.rpm
f62c42af2d2c39deeec921e3e04318c2 2008.1/x86_64/snort-bloat-2.8.0.1-0.3mdv2008.1.x86_64.rpm
8a2e5997b5ddc0917f8e661bbf228ab0 2008.1/x86_64/snort-inline-2.8.0.1-0.3mdv2008.1.x86_64.rpm
5a8e5de46c6adb8f5840ee0220a3825d 2008.1/x86_64/snort-inline+flexresp-2.8.0.1-0.3mdv2008.1.x86_64.rpm
53e029637c4d7b54cc1dda1ca0a84f71 2008.1/x86_64/snort-mysql-2.8.0.1-0.3mdv2008.1.x86_64.rpm
552026c7b229ec62e5c41f2034b4d18f 2008.1/x86_64/snort-mysql+flexresp-2.8.0.1-0.3mdv2008.1.x86_64.rpm
8036750a3fc64817acf1c82ce9f588cf 2008.1/x86_64/snort-plain+flexresp-2.8.0.1-0.3mdv2008.1.x86_64.rpm
c4c349130ffd21720bb0b59a0653cc2a 2008.1/x86_64/snort-postgresql-2.8.0.1-0.3mdv2008.1.x86_64.rpm
3c2c7bafdc630238ce2d3a27b7dc54ab 2008.1/x86_64/snort-postgresql+flexresp-2.8.0.1-0.3mdv2008.1.x86_64.rpm
8d6c4fdc34d23992846bc23dde64da9c 2008.1/x86_64/snort-prelude-2.8.0.1-0.3mdv2008.1.x86_64.rpm
69e6dcc8c225e4ef231a03b24c1609bb 2008.1/x86_64/snort-prelude+flexresp-2.8.0.1-0.3mdv2008.1.x86_64.rpm
745baaa0d4e9b8c8a874f05e1742a77e 2008.1/SRPMS/snort-2.8.0.1-0.3mdv2008.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
https://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKzRBPmqjQ0CJFipgRAtgTAJ40Hw8QpOu7G2hJshupeYo1nISexgCfSGDj
lOR8kwq98+UqPA7h/HJr22I=
=7No9
-----END PGP SIGNATURE-----
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed