Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-297
HistoryMay 01, 2003 - 12:00 a.m.

snort - integer overflow, buffer overflow

2003-05-0100:00:00
Google
osv.dev
4

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Two vulnerabilities have been discovered in Snort, a popular network
intrusion detection system. Snort comes with modules and plugins that
perform a variety of functions such as protocol analysis. The
following issues have been identified:

Heap overflow in Snort “stream4” preprocessor

(VU#139129, CAN-2003-0209, Bugtraq Id 7178)
Researchers at CORE Security Technologies have discovered a
remotely exploitable integer overflow that results in overwriting
the heap in the “stream4” preprocessor module. This module allows
Snort to reassemble TCP packet fragments for further analysis. An
attacker could insert arbitrary code that would be executed as
the user running Snort, probably root.
Buffer overflow in Snort RPC preprocessor

(VU#916785, CAN-2003-0033, Bugtraq Id 6963)
Researchers at Internet Security Systems X-Force have discovered a
remotely exploitable buffer overflow in the Snort RPC preprocessor
module. Snort incorrectly checks the lengths of what is being
normalized against the current packet size. An attacker could
exploit this to execute arbitrary code under the privileges of the
Snort process, probably root.

For the stable distribution (woody) these problems have been fixed in
version 1.8.4beta1-3.1.

The old stable distribution (potato) is not affected by these problems
since it doesn’t contain the problematic code.

For the unstable distribution (sid) these problems have been fixed in
version 2.0.0-1.

We recommend that you upgrade your snort package immediately.

You are also advised to upgrade to the most recent version of Snort,
since Snort, as any intrusion detection system, is rather useless if
it is based on old and out-dated data and not kept up to date. Such
installations would be unable to detect intrusions using modern
methods. The current version of Snort is 2.0.0, while the version in
the stable distribution (1.8) is quite old and the one in the old
stable distribution is beyond hope.

Since Debian does not update arbitrary packages in stable releases,
even Snort is not going to see updates other than to fix security
problems, you are advised to upgrade to the most recent version from
third party sources.

Related

openvas 2
debian 2
cert 2
nessus 3
cve 2
debiancve 2
securityvulns 1
openvas
openvas
Debian Security Advisory DSA 297-1 (snort)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-297)
2008-01-17 00:00:00
debian
debian
[SECURITY] [DSA 297-1] New snort packages fix remote root exploits
2003-05-01 13:12:58
[SECURITY] [DSA 297-1] New snort packages fix remote root exploits
2003-05-01 13:12:58
cert
cert
Buffer overflow in Snort RPC preprocessor
2003-03-03 00:00:00
Heap overflow in Snort "stream4" preprocessor
2003-04-16 00:00:00
nessus
nessus
Debian DSA-297-1 : snort - integer overflow, buffer overflow
2004-09-29 00:00:00
Mandrake Linux Security Advisory : snort (MDKSA-2003:029)
2004-07-31 00:00:00
Mandrake Linux Security Advisory : snort (MDKSA-2003:052)
2004-07-31 00:00:00
cve
cve
CVE-2003-0033
2003-03-07 05:00:00
CVE-2003-0209
2003-05-05 04:00:00
debiancve
debiancve
CVE-2003-0033
2003-03-07 05:00:00
CVE-2003-0209
2003-05-05 04:00:00
securityvulns
securityvulns
CERT Advisory CA-2003-13 Multiple Vulnerabilities in Snort Preprocessors
2003-04-18 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON
Related for OSV:DSA-297
openvas2debian2cert2nessus3cve2debiancve2securityvulns1