Date: Mon, 10 Mar 2003 18:34:44 +0200
From: Peter Pentchev
To: "Michael L. Squires"
Cc: freebsd-security@freebsd.org
Subject: Re: Snort 1.9.0 exploit

On Mon, Mar 10, 2003 at 11:16:44AM -0500, Michael L. Squires wrote:
> I got a message from SANS that the version of Snort that was part of
> 4.8-RC2, at least (1.8 through 1.9.0 and 2.0 beta) has a buffer
> overflow problem that could be used to gain root access.
>
> The quick fix is to disable the RPC preprocessor by commenting out the
> line "preprocessor rpc_decode" in snort.conf.
>
> See www.snort.org for more info.

Kris Kennaway, the maintainer of the security/snort port, updated it
6 days ago to 1.9.1 in response to the ISS advisory.

G'luck,
Peter

--
Peter Pentchev  roam@ringlet.net  roam@sbnd.net  roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
If the meanings of 'true' and 'false' were switched, then this sentence wouldn't be false.