Bug 161750 - net-analyzer/snort [2.6.1 <= 2.6.1.2] Integer underflow in DecodeGRE()

Bug#: 161750
Product: Gentoo Security
Version: unspecified
Platform: All
OS/Version: Linux
Status: RESOLVED
Severity: trivial
Priority: P2
Resolution: FIXED
Assigned To: security@gentoo.org
Reported By: aetius@gentoo.org
Component: Vulnerabilities
URL: http://labs.calyptix.com/advisories/CX-2007-01.txt
Summary: net-analyzer/snort [2.6.1 <= 2.6.1.2] Integer underflow in DecodeGRE()
Keywords:
Status Whiteboard: C4 [noglsa]
Opened: 2007-01-12 13:39 0000
Snort contains an integer underflow in the new GRE processing code, allowing
possible log corruption or information disclosure.

Reproducible: Didn't try

Steps to Reproduce:
Setting status and cc'ing herd. The advisory says there's a patch in snort
CVS.

Fixed in r1.131 of decode.c, see attached upstream patch.

The vulnerable GRE support was introduced in 2.6.1.
There is no vulnerable stable version in the portage tree (latest stable ebuild
= 2.4.5).
But this will be important to consider since there is bug 161632, which concerns
a DoS that has been fixed in 2.6.1.
BTW the Gentoo ebuild doesn't take advantage of --enable-gre, which is too
bad :(
I'm going to attach a backport of the upstream patch against 2.6.1.1, and an
ebuild patch for a "gre" USE flag.

The vulnerability is only present with --enable-gre, so Gentoo is not actually
vulnerable. ("objdump -x decode.o | grep DecodeGRE" gives nothing.)

This does not appear to be an issue anymore in the current stable 2.6.1.3-r1.
Reopen if you disagree.

c4 -> noglsa