{"id": "MANDRIVA_MDVSA-2009-259.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "Mandriva Linux Security Advisory : snort (MDVSA-2009:259-1)", "description": "preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment. (CVE-2008-1804)\n\nThe updated packages have been patched to prevent this.\n\nAdditionally there were problems with two rules in the snort-rules package for 2008.0 that is also fixed with this update.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0 customers", "published": "2009-10-08T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/42063", "reporter": "This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1804"], "cvelist": ["CVE-2008-1804"], "immutableFields": [], "lastseen": "2021-10-16T02:43:57", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1804"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2008-1804"]}, {"type": "fedora", "idList": ["FEDORA:M567L8WC015951", "FEDORA:M567MPL9016111", "FEDORA:M567PFWV016676"]}, {"type": "nessus", "idList": ["FEDORA_2008-4986.NASL", "FEDORA_2008-5001.NASL", "FEDORA_2008-5045.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231065735", "OPENVAS:136141256231066495", "OPENVAS:65735", "OPENVAS:66495", "OPENVAS:860026", "OPENVAS:860703", "OPENVAS:860885"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19894", "SECURITYVULNS:VULN:9021"]}, {"type": "seebug", "idList": ["SSV:3318"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1804"]}], "rev": 4}, "score": {"value": 5.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2008-1804"]}, {"type": "fedora", "idList": ["FEDORA:M567L8WC015951"]}, {"type": "nessus", "idList": ["FEDORA_2008-5045.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231066495"]}, {"type": "seebug", "idList": ["SSV:3318"]}]}, "exploitation": null, "vulnersScore": 5.5}, "pluginID": "42063", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:259. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42063);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-1804\");\n script_xref(name:\"MDVSA\", value:\"2009:259-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : snort (MDVSA-2009:259-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not\nproperly identify packet fragments that have dissimilar TTL values,\nwhich allows remote attackers to bypass detection rules by using a\ndifferent TTL for each fragment. (CVE-2008-1804)\n\nThe updated packages have been patched to prevent this.\n\nAdditionally there were problems with two rules in the snort-rules\npackage for 2008.0 that is also fixed with this update.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:snort\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:snort-bloat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:snort-inline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:snort-inline+flexresp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:snort-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:snort-mysql+flexresp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:snort-plain+flexresp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:snort-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:snort-postgresql+flexresp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:snort-prelude\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:snort-prelude+flexresp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:snort-rules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"snort-2.7.0.1-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"snort-bloat-2.7.0.1-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"snort-inline-2.7.0.1-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"snort-inline+flexresp-2.7.0.1-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"snort-mysql-2.7.0.1-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"snort-mysql+flexresp-2.7.0.1-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"snort-plain+flexresp-2.7.0.1-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"snort-postgresql-2.7.0.1-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"snort-postgresql+flexresp-2.7.0.1-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"snort-prelude-2.7.0.1-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"snort-prelude+flexresp-2.7.0.1-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"snort-rules-2.3.3-4.1mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Mandriva Local Security Checks", "cpe": ["p-cpe:/a:mandriva:linux:snort", "p-cpe:/a:mandriva:linux:snort-bloat", "p-cpe:/a:mandriva:linux:snort-inline", "p-cpe:/a:mandriva:linux:snort-inline%2bflexresp", "p-cpe:/a:mandriva:linux:snort-mysql", "p-cpe:/a:mandriva:linux:snort-mysql%2bflexresp", "p-cpe:/a:mandriva:linux:snort-plain%2bflexresp", "p-cpe:/a:mandriva:linux:snort-postgresql", "p-cpe:/a:mandriva:linux:snort-postgresql%2bflexresp", "p-cpe:/a:mandriva:linux:snort-prelude", "p-cpe:/a:mandriva:linux:snort-prelude%2bflexresp", "p-cpe:/a:mandriva:linux:snort-rules", "cpe:/o:mandriva:linux:2008.0"], "solution": "Update the affected packages.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.2"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2009-12-11T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": [], "_state": {"dependencies": 1646631711}}

{"openvas": [{"lastseen": "2017-07-24T12:56:59", "description": "The remote host is missing an update to snort\nannounced via advisory MDVSA-2009:259-1.", "cvss3": {}, "published": "2009-12-14T00:00:00", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:259-1 (snort)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1804"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:66495", "href": "http://plugins.openvas.org/nasl.php?oid=66495", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_259_1.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:259-1 (snort)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not\nproperly identify packet fragments that have dissimilar TTL values,\nwhich allows remote attackers to bypass detection rules by using a\ndifferent TTL for each fragment. (CVE-2008-1804)\n\nThe updated packages have been patched to prevent this.\n\nAdditionally there were problems with two rules in the snort-rules\npackage for 2008.0 that is also fixed with this update.\n\nUpdate:\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:259-1\";\ntag_summary = \"The remote host is missing an update to snort\nannounced via advisory MDVSA-2009:259-1.\";\n\n \n\nif(description)\n{\n script_id(66495);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_cve_id(\"CVE-2008-1804\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:259-1 (snort)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"snort\", rpm:\"snort~2.7.0.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-bloat\", rpm:\"snort-bloat~2.7.0.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-inline\", rpm:\"snort-inline~2.7.0.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-inline+flexresp\", rpm:\"snort-inline+flexresp~2.7.0.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-mysql\", rpm:\"snort-mysql~2.7.0.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-mysql+flexresp\", rpm:\"snort-mysql+flexresp~2.7.0.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-plain+flexresp\", rpm:\"snort-plain+flexresp~2.7.0.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-postgresql\", rpm:\"snort-postgresql~2.7.0.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-postgresql+flexresp\", rpm:\"snort-postgresql+flexresp~2.7.0.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-prelude\", rpm:\"snort-prelude~2.7.0.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-prelude+flexresp\", rpm:\"snort-prelude+flexresp~2.7.0.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-rules\", rpm:\"snort-rules~2.3.3~4.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:40", "description": "The remote host is missing an update to snort\nannounced via advisory MDVSA-2009:259.", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:259 (snort)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1804"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:65735", "href": "http://plugins.openvas.org/nasl.php?oid=65735", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_259.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:259 (snort)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not\nproperly identify packet fragments that have dissimilar TTL values,\nwhich allows remote attackers to bypass detection rules by using a\ndifferent TTL for each fragment. (CVE-2008-1804)\n\nThe updated packages have been patched to prevent this.\n\nAffected: 2008.1\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:259\";\ntag_summary = \"The remote host is missing an update to snort\nannounced via advisory MDVSA-2009:259.\";\n\n \n\nif(description)\n{\n script_id(65735);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-1804\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:259 (snort)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"snort\", rpm:\"snort~2.8.0.1~0.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-bloat\", rpm:\"snort-bloat~2.8.0.1~0.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-inline\", rpm:\"snort-inline~2.8.0.1~0.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-inline+flexresp\", rpm:\"snort-inline+flexresp~2.8.0.1~0.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-mysql\", rpm:\"snort-mysql~2.8.0.1~0.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-mysql+flexresp\", rpm:\"snort-mysql+flexresp~2.8.0.1~0.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-plain+flexresp\", rpm:\"snort-plain+flexresp~2.8.0.1~0.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-postgresql\", rpm:\"snort-postgresql~2.8.0.1~0.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-postgresql+flexresp\", rpm:\"snort-postgresql+flexresp~2.8.0.1~0.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-prelude\", rpm:\"snort-prelude~2.8.0.1~0.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-prelude+flexresp\", rpm:\"snort-prelude+flexresp~2.8.0.1~0.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:02", "description": "Check for the Version of snort", "cvss3": {}, "published": "2009-02-17T00:00:00", "type": "openvas", "title": "Fedora Update for snort FEDORA-2008-5045", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1804"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860026", "href": "http://plugins.openvas.org/nasl.php?oid=860026", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for snort FEDORA-2008-5045\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Snort is a libpcap-based packet sniffer/logger which\n can be used as a lightweight network intrusion detection system.\n It features rules based logging and can perform protocol analysis,\n content searching/matching and can be used to detect a variety of\n attacks and probes, such as buffer overflows, stealth port scans,\n CGI attacks, SMB probes, OS fingerprinting attempts, and much more.\n Snort has a real-time alerting capabilty, with alerts being sent to syslog,\n a separate &quot;alert&quot; file, or as a WinPopup message via Samba's smbclient\n\n Edit /etc/snort.conf to configure snort and use snort.d to start snort\n \n This rpm is different from previous rpms and while it will not clobber\n your current snortd file, you will need to modify it.\n \n There are 9 different packages available\n \n All of them require the base snort rpm. Additionally, you will need\n to chose a binary to install.\n \n /usr/sbin/snort should end up being a symlink to a binary in one of\n the following configurations:\n \n plain plain+flexresp\n mysql mysql+flexresp\n postgresql postgresql+flexresp\n snmp snmp+flexresp\n bloat mysql+postgresql+flexresp+snmp\n \n Please see the documentation in /usr/share/doc/snort-2.8.1\n \n There are no rules in this package the license they are released under forbids\n us from repackaging them and redistributing them.\";\n\ntag_affected = \"snort on Fedora 7\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00198.html\");\n script_id(860026);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 16:50:22 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2008-5045\");\n script_cve_id(\"CVE-2008-1804\");\n script_name( \"Fedora Update for snort FEDORA-2008-5045\");\n\n script_summary(\"Check for the Version of snort\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"snort\", rpm:\"snort~2.8.1~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:57", "description": "The remote host is missing an update to snort\nannounced via advisory MDVSA-2009:259-1.", "cvss3": {}, "published": "2009-12-14T00:00:00", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:259-1 (snort)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1804"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066495", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066495", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_259_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:259-1 (snort)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not\nproperly identify packet fragments that have dissimilar TTL values,\nwhich allows remote attackers to bypass detection rules by using a\ndifferent TTL for each fragment. (CVE-2008-1804)\n\nThe updated packages have been patched to prevent this.\n\nAdditionally there were problems with two rules in the snort-rules\npackage for 2008.0 that is also fixed with this update.\n\nUpdate:\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:259-1\";\ntag_summary = \"The remote host is missing an update to snort\nannounced via advisory MDVSA-2009:259-1.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66495\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_cve_id(\"CVE-2008-1804\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:259-1 (snort)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"snort\", rpm:\"snort~2.7.0.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-bloat\", rpm:\"snort-bloat~2.7.0.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-inline\", rpm:\"snort-inline~2.7.0.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-inline+flexresp\", rpm:\"snort-inline+flexresp~2.7.0.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-mysql\", rpm:\"snort-mysql~2.7.0.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-mysql+flexresp\", rpm:\"snort-mysql+flexresp~2.7.0.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-plain+flexresp\", rpm:\"snort-plain+flexresp~2.7.0.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-postgresql\", rpm:\"snort-postgresql~2.7.0.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-postgresql+flexresp\", rpm:\"snort-postgresql+flexresp~2.7.0.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-prelude\", rpm:\"snort-prelude~2.7.0.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-prelude+flexresp\", rpm:\"snort-prelude+flexresp~2.7.0.1~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-rules\", rpm:\"snort-rules~2.3.3~4.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:05", "description": "Check for the Version of snort", "cvss3": {}, "published": "2009-02-17T00:00:00", "type": "openvas", "title": "Fedora Update for snort FEDORA-2008-4986", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1804"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860703", "href": "http://plugins.openvas.org/nasl.php?oid=860703", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for snort FEDORA-2008-4986\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Snort is a libpcap-based packet sniffer/logger which\n can be used as a lightweight network intrusion detection system.\n It features rules based logging and can perform protocol analysis,\n content searching/matching and can be used to detect a variety of\n attacks and probes, such as buffer overflows, stealth port scans,\n CGI attacks, SMB probes, OS fingerprinting attempts, and much more.\n Snort has a real-time alerting capabilty, with alerts being sent to syslog,\n a separate &quot;alert&quot; file, or as a WinPopup message via Samba's smbclient\n\n Edit /etc/snort.conf to configure snort and use snort.d to start snort\n \n This rpm is different from previous rpms and while it will not clobber\n your current snortd file, you will need to modify it.\n \n There are 9 different packages available\n \n All of them require the base snort rpm. Additionally, you will need\n to chose a binary to install.\n \n /usr/sbin/snort should end up being a symlink to a binary in one of\n the following configurations:\n \n plain plain+flexresp\n mysql mysql+flexresp\n postgresql postgresql+flexresp\n snmp snmp+flexresp\n bloat mysql+postgresql+flexresp+snmp\n \n Please see the documentation in /usr/share/doc/snort-2.8.1\n \n There are no rules in this package the license they are released under forbids\n us from repackaging them and redistributing them.\";\n\ntag_affected = \"snort on Fedora 9\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00156.html\");\n script_id(860703);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 16:47:15 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2008-4986\");\n script_cve_id(\"CVE-2008-1804\");\n script_name( \"Fedora Update for snort FEDORA-2008-4986\");\n\n script_summary(\"Check for the Version of snort\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC9\")\n{\n\n if ((res = isrpmvuln(pkg:\"snort\", rpm:\"snort~2.8.1~3.fc9\", rls:\"FC9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:56", "description": "The remote host is missing an update to snort\nannounced via advisory MDVSA-2009:259.", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:259 (snort)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1804"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065735", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065735", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_259.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:259 (snort)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not\nproperly identify packet fragments that have dissimilar TTL values,\nwhich allows remote attackers to bypass detection rules by using a\ndifferent TTL for each fragment. (CVE-2008-1804)\n\nThe updated packages have been patched to prevent this.\n\nAffected: 2008.1\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:259\";\ntag_summary = \"The remote host is missing an update to snort\nannounced via advisory MDVSA-2009:259.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65735\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-1804\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:259 (snort)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"snort\", rpm:\"snort~2.8.0.1~0.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-bloat\", rpm:\"snort-bloat~2.8.0.1~0.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-inline\", rpm:\"snort-inline~2.8.0.1~0.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-inline+flexresp\", rpm:\"snort-inline+flexresp~2.8.0.1~0.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-mysql\", rpm:\"snort-mysql~2.8.0.1~0.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-mysql+flexresp\", rpm:\"snort-mysql+flexresp~2.8.0.1~0.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-plain+flexresp\", rpm:\"snort-plain+flexresp~2.8.0.1~0.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-postgresql\", rpm:\"snort-postgresql~2.8.0.1~0.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-postgresql+flexresp\", rpm:\"snort-postgresql+flexresp~2.8.0.1~0.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-prelude\", rpm:\"snort-prelude~2.8.0.1~0.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snort-prelude+flexresp\", rpm:\"snort-prelude+flexresp~2.8.0.1~0.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:57:01", "description": "Check for the Version of snort", "cvss3": {}, "published": "2009-02-17T00:00:00", "type": "openvas", "title": "Fedora Update for snort FEDORA-2008-5001", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1804"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860885", "href": "http://plugins.openvas.org/nasl.php?oid=860885", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for snort FEDORA-2008-5001\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Snort is a libpcap-based packet sniffer/logger which\n can be used as a lightweight network intrusion detection system.\n It features rules based logging and can perform protocol analysis,\n content searching/matching and can be used to detect a variety of\n attacks and probes, such as buffer overflows, stealth port scans,\n CGI attacks, SMB probes, OS fingerprinting attempts, and much more.\n Snort has a real-time alerting capabilty, with alerts being sent to syslog,\n a separate &quot;alert&quot; file, or as a WinPopup message via Samba's smbclient\n\n Edit /etc/snort.conf to configure snort and use snort.d to start snort\n \n This rpm is different from previous rpms and while it will not clobber\n your current snortd file, you will need to modify it.\n \n There are 9 different packages available\n \n All of them require the base snort rpm. Additionally, you will need\n to chose a binary to install.\n \n /usr/sbin/snort should end up being a symlink to a binary in one of\n the following configurations:\n \n plain plain+flexresp\n mysql mysql+flexresp\n postgresql postgresql+flexresp\n snmp snmp+flexresp\n bloat mysql+postgresql+flexresp+snmp\n \n Please see the documentation in /usr/share/doc/snort-2.8.1\n \n There are no rules in this package the license they are released under forbids\n us from repackaging them and redistributing them.\";\n\ntag_affected = \"snort on Fedora 8\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00167.html\");\n script_id(860885);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 16:50:22 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2008-5001\");\n script_cve_id(\"CVE-2008-1804\");\n script_name( \"Fedora Update for snort FEDORA-2008-5001\");\n\n script_summary(\"Check for the Version of snort\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"snort\", rpm:\"snort~2.8.1~3.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:29", "description": "Packet&#39;s fragments with significant TTL difference are ignored.", "edition": 1, "cvss3": {}, "published": "2008-05-22T00:00:00", "title": "snort IDS protection bypass", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2008-1804"], "modified": "2008-05-22T00:00:00", "id": "SECURITYVULNS:VULN:9021", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9021", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:26", "description": "iDefense Security Advisory 05.21.08\r\nhttp://labs.idefense.com/intelligence/vulnerabilities/\r\nMay 21, 2008\r\n\r\nI. BACKGROUND\r\n\r\nSnort is an open source network intrusion detection &#40;IDS&#41; and prevention\r\nsystem &#40;IPS&#41;. In addition to being available as a package for most Unix\r\noperating system distributions, various commercial hardware devices\r\nalso use Snort as an IDS/IPS. For more information, see the vendor&#39;s\r\nwebsite found at the following URL.\r\n\r\nhttp://www.snort.org/\r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of a design error vulnerability in Snort, as\r\nincluded in various vendors&#39; operating system distributions, could\r\nallow an attacker to bypass filter rules.\r\n\r\nDue to a design error vulnerability, Snort does not properly reassemble\r\nfragmented IP packets. When receiving incoming fragments, Snort checks\r\nthe Time To Live &#40;TTL&#41; value of the fragment, and compares it to the\r\nTTL of the initial fragment. If the difference between the initial\r\nfragment and the following fragments is more than a configured amount,\r\nthe fragments will be silently discard. This results in valid traffic\r\nnot being examined and/or filtered by Snort.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation of this vulnerability allows an attacker to bypass all\r\nSnort rules. In order to exploit this vulnerability, an attacker would\r\nhave to fragment IP packets destined for a targeted host, ensuring that\r\nthe TTL difference is greater than the configured maximum. By default,\r\nthe maximum difference is 5.\r\n\r\nIf an attacker is successful, all fragments with invalid TTL differences\r\nwill be dropped. No rules will be applied to them.\r\n\r\nIV. DETECTION\r\n\r\niDefense has confirmed the existence of this vulnerability in Snort 2.8\r\nand 2.6. Snort 2.4 is not vulnerable.\r\n\r\nV. WORKAROUND\r\n\r\nIn the snort.conf file, set the ttl_limit configuration value to 255 as\r\nshown below.\r\n\r\n preprocessor frag3_engine: ttl_limit 255\r\n\r\nThis will set the allowable difference to the maximum possible value,\r\nand prevent fragments from being dropped.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nSourcefire has addressed this vulnerability by releasing version 2.8.1\r\nof Snort. For more information consult their change log and source\r\ndifferences at the following URLs.\r\n\r\nhttp://cvs.snort.org/viewcvs.cgi/snort/ChangeLog?rev=1.534.2.11\r\n\r\nhttp://cvs.snort.org/viewcvs.cgi/snort/src/preprocessors/spp_frag3.c.diff?r1=text&amp;tr1=1.46.2.4&amp;r2=text&amp;tr2=1.46.2.5&amp;diff_format=h\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures &#40;CVE&#41; project has assigned the\r\nname CVE-2008-1804 to this issue. This is a candidate for inclusion in\r\nthe CVE list &#40;http://cve.mitre.org/&#41;, which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n02/26/2008 Initial vendor notification\r\n02/26/2008 Initial vendor response\r\n05/21/2008 Coordinated public disclosure\r\n\r\nIX. CREDIT\r\n\r\nThis vulnerability was reported to iDefense by Silvio Cesare.\r\n\r\nGet paid for vulnerability research\r\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com/\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright \u00a9 2008 iDefense, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically,\r\nplease e-mail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\n There are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct,\r\nindirect, or consequential loss or damage arising from use of, or\r\nreliance on, this information.", "edition": 1, "cvss3": {}, "published": "2008-05-22T00:00:00", "title": "iDefense Security Advisory 05.21.08: Multiple Vendor Snort IP Fragment TTL Evasion Vulnerability", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2008-1804"], "modified": "2008-05-22T00:00:00", "id": "SECURITYVULNS:DOC:19894", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19894", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-08-19T13:10:19", "description": "update for CVE-2008-1804\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2008-06-09T00:00:00", "type": "nessus", "title": "Fedora 9 : snort-2.8.1-3.fc9 (2008-4986)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1804"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:snort", "cpe:/o:fedoraproject:fedora:9"], "id": "FEDORA_2008-4986.NASL", "href": "https://www.tenable.com/plugins/nessus/33112", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-4986.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33112);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-1804\");\n script_xref(name:\"FEDORA\", value:\"2008-4986\");\n\n script_name(english:\"Fedora 9 : snort-2.8.1-3.fc9 (2008-4986)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"update for CVE-2008-1804\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=447870\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-June/010899.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?df52fd95\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected snort package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:snort\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/06/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"snort-2.8.1-3.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"snort\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:10:09", "description": "update for CVE-2008-1804\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2008-06-09T00:00:00", "type": "nessus", "title": "Fedora 8 : snort-2.8.1-3.fc8 (2008-5001)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1804"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:snort", "cpe:/o:fedoraproject:fedora:8"], "id": "FEDORA_2008-5001.NASL", "href": "https://www.tenable.com/plugins/nessus/33114", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-5001.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33114);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-1804\");\n script_xref(name:\"FEDORA\", value:\"2008-5001\");\n\n script_name(english:\"Fedora 8 : snort-2.8.1-3.fc8 (2008-5001)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"update for CVE-2008-1804\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=447870\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-June/010910.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9e154c76\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected snort package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:snort\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/06/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"snort-2.8.1-3.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"snort\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:10:23", "description": "Fix for CVE-2008-1804\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2008-06-09T00:00:00", "type": "nessus", "title": "Fedora 7 : snort-2.8.1-3.fc7 (2008-5045)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1804"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:snort", "cpe:/o:fedoraproject:fedora:7"], "id": "FEDORA_2008-5045.NASL", "href": "https://www.tenable.com/plugins/nessus/33117", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-5045.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33117);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-1804\");\n script_xref(name:\"FEDORA\", value:\"2008-5045\");\n\n script_name(english:\"Fedora 7 : snort-2.8.1-3.fc7 (2008-5045)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2008-1804\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=447870\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-June/010941.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7015c9fc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected snort package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:snort\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/06/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"snort-2.8.1-3.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"snort\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "description": "Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has a real-time alerting capabilty, with alerts being sent to syslog, a separate \"alert\" file, or as a WinPopup message via Samba's smbclient Edit /etc/snort.conf to configure snort and use snort.d to start snort This rpm is different from previous rpms and while it will not clobber your current snortd file, you will need to modify it. There are 9 different packages available All of them require the base snort rpm. Additionally, you will need to chose a binary to install. /usr/sbin/snort should end up being a symlink to a binary in one of the following configurations: plain plain+flexresp mysql mysql+flexresp postgresql postgresql+flexresp snmp snmp+flexresp bloat mysql+postgresql+flexresp+snmp Please see the documentation in /usr/share/doc/snort-2.8.1 There are no rules in this package the license they are released under fo rbids us from repackaging them and redistributing them. ", "edition": 2, "cvss3": {}, "published": "2008-06-06T07:49:11", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: snort-2.8.1-3.fc8", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1804"], "modified": "2008-06-06T07:49:11", "id": "FEDORA:M567MPL9016111", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "description": "Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has a real-time alerting capabilty, with alerts being sent to syslog, a separate \"alert\" file, or as a WinPopup message via Samba's smbclient Edit /etc/snort.conf to configure snort and use snort.d to start snort This rpm is different from previous rpms and while it will not clobber your current snortd file, you will need to modify it. There are 9 different packages available All of them require the base snort rpm. Additionally, you will need to chose a binary to install. /usr/sbin/snort should end up being a symlink to a binary in one of the following configurations: plain plain+flexresp mysql mysql+flexresp postgresql postgresql+flexresp snmp snmp+flexresp bloat mysql+postgresql+flexresp+snmp Please see the documentation in /usr/share/doc/snort-2.8.1 There are no rules in this package the license they are released under fo rbids us from repackaging them and redistributing them. ", "edition": 2, "cvss3": {}, "published": "2008-06-06T07:47:58", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: snort-2.8.1-3.fc9", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1804"], "modified": "2008-06-06T07:47:58", "id": "FEDORA:M567L8WC015951", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "description": "Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has a real-time alerting capabilty, with alerts being sent to syslog, a separate \"alert\" file, or as a WinPopup message via Samba's smbclient Edit /etc/snort.conf to configure snort and use snort.d to start snort This rpm is different from previous rpms and while it will not clobber your current snortd file, you will need to modify it. There are 9 different packages available All of them require the base snort rpm. Additionally, you will need to chose a binary to install. /usr/sbin/snort should end up being a symlink to a binary in one of the following configurations: plain plain+flexresp mysql mysql+flexresp postgresql postgresql+flexresp snmp snmp+flexresp bloat mysql+postgresql+flexresp+snmp Please see the documentation in /usr/share/doc/snort-2.8.1 There are no rules in this package the license they are released under fo rbids us from repackaging them and redistributing them. ", "edition": 2, "cvss3": {}, "published": "2008-06-06T07:52:27", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: snort-2.8.1-3.fc7", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1804"], "modified": "2008-06-06T07:52:27", "id": "FEDORA:M567PFWV016676", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2021-11-22T22:01:00", "description": "preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not\nproperly identify packet fragments that have dissimilar TTL values, which\nallows remote attackers to bypass detection rules by using a different TTL\nfor each fragment.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/bugs/235901>\n", "cvss3": {}, "published": "2008-05-22T00:00:00", "type": "ubuntucve", "title": "CVE-2008-1804", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1804"], "modified": "2008-05-22T00:00:00", "id": "UB:CVE-2008-1804", "href": "https://ubuntu.com/security/CVE-2008-1804", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2021-12-14T17:52:51", "description": "preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment.", "cvss3": {}, "published": "2008-05-22T13:09:00", "type": "debiancve", "title": "CVE-2008-1804", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1804"], "modified": "2008-05-22T13:09:00", "id": "DEBIANCVE:CVE-2008-1804", "href": "https://security-tracker.debian.org/tracker/CVE-2008-1804", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T12:02:51", "description": "preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment.", "cvss3": {}, "published": "2008-05-22T13:09:00", "type": "cve", "title": "CVE-2008-1804", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1804"], "modified": "2017-08-08T01:30:00", "cpe": ["cpe:/a:snort:snort:2.8.0"], "id": "CVE-2008-1804", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1804", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:snort:snort:2.8.0:*:*:*:*:*:*:*"]}], "seebug": [{"lastseen": "2017-11-19T21:41:16", "description": "BUGTRAQ ID: 29327\r\nCVE(CAN) ID: CVE-2008-1804\r\n\r\nSnort\u662f\u5e7f\u6cdb\u90e8\u7f72\u7684\u5f00\u653e\u6e90\u7801\u7f51\u7edc\u5165\u4fb5\u68c0\u6d4b\u7cfb\u7edf\uff08IDS\uff09\u3002\r\n\r\nSnort\u6ca1\u6709\u6b63\u786e\u5730\u91cd\u7ec4IP\u62a5\u6587\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u7ed5\u8fc7\u68c0\u6d4b\u3002\r\n\r\n\u5728\u63a5\u6536\u5165\u7ad9\u788e\u7247\u65f6\uff0cSnort\u68c0\u67e5\u788e\u7247\u7684\u5b58\u6d3b\u65f6\u95f4\uff08TTL\uff09\u503c\u5e76\u4e0e\u521d\u59cb\u788e\u7247\u7684TTL\u505a\u6bd4\u8f83\u3002\u5982\u679c\u4e8c\u8005\u4e4b\u95f4\u7684\u5dee\u5f02\u5927\u4e8e\u6240\u914d\u7f6e\u7684\u91cf\uff08\u9ed8\u8ba4\u6700\u5927\u503c\u4e3a5\uff09\u7684\u8bdd\uff0c\u5c31\u4f1a\u4e22\u5f03\u788e\u7247\uff0c\u4e5f\u65e0\u6cd5\u5bf9\u5176\u5e94\u7528\u89c4\u5219\uff0c\u8fd9\u5bfc\u81f4Snort\u65e0\u6cd5\u8fc7\u6ee4\u6216\u68c0\u67e5\u6709\u6548\u7684\u901a\u8baf\u3002\r\n\n\nSnort Project Snort 2.8\r\nSnort Project Snort 2.6\n \u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n* \u5728snort.conf\u6587\u4ef6\u4e2d\u5c06ttl_limit\u503c\u8bbe\u7f6e\u4e3a255\uff1a \r\n\r\n preprocessor frag3_engine: ttl_limit 255\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nSnort Project\r\n-------------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://cvs.snort.org/viewcvs.cgi/snort/src/preprocessors/spp_frag3.c.diff?r1=text&amp;tr1=1.46.2.4&amp;r2=text&amp;tr2=1.46.2.5&amp;diff_format=h target=_blank>http://cvs.snort.org/viewcvs.cgi/snort/src/preprocessors/spp_frag3.c.diff?r1=text&amp;tr1=1.46.2.4&amp;r2=text&amp;tr2=1.46.2.5&amp;diff_format=h</a>", "cvss3": {}, "published": "2008-05-23T00:00:00", "type": "seebug", "title": "Snort\u788e\u7247\u91cd\u7ec4TTL\u503c\u5bfc\u81f4\u6f0f\u62a5\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2008-1804"], "modified": "2008-05-23T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3318", "id": "SSV:3318", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}