Date: Mon, 10 Mar 2003 18:34:44 +0200 From: Peter Pentchev <roam@ringlet.net> To: "Michael L. Squires" <mikes@siralan.org> Cc: freebsd-security@freebsd.org Subject: Re: Snort 1.9.0 exploit Message-ID: <20030310163444.GM578@straylight.oblivion.bg> In-Reply-To: <200303101616.h2AGGjcS010643@siralan.org> References: <200303101616.h2AGGjcS010643@siralan.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--Rex5+51txc1ort/q Content-Type: text/plain; charset=windows-1251 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Mar 10, 2003 at 11:16:44AM -0500, Michael L. Squires wrote: > I got a message from SANS that the version of Snort that was part of > 4.8-RC2, at least (1.8 through 1.9.0 and 2.0 beta) has a buffer > overflow problem that could be used to gain root access. >=20 > The quick fix is to disable the RPC preprocessor by commenting out the > line "preprocessor rpc_decode" in snort.conf. >=20 > See www.snort.org for more info. Kris Kennaway <kris@FreeBSD.org>, the maintainer of the security/snort port, updated it 6 days ago to 1.9.1 in response to the ISS advisory. G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@sbnd.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 If the meanings of 'true' and 'false' were switched, then this sentence wou= ldn't be false. --Rex5+51txc1ort/q Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+bL6k7Ri2jRYZRVMRAgaqAJ9+xEhMtNgijOOKE/tYL/FpJNomHwCgkEe8 tCVy/C+f9NMg/YwVKPIRLCI= =Xv24 -----END PGP SIGNATURE----- --Rex5+51txc1ort/q-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030310163444.GM578>