Description: Randy Smith, Christian Estan, and Somesh Jha have reported a vulnerability in Snort, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). The problem is that the rule matching algorithm of Snort can be exploited to perform numerous time-consuming operations, which may lead to a decreased or zero detection rate via a specially crafted packet. The vulnerability is reported in version 2.4.3. Other versions may also be affected.
Reproducible: Didn't try
http://www.cs.wisc.edu/~smithr/pubs/acsac2006.pdf
Fixed in 2.6.1 and the 2.6.1.x tree. But the 2.6.1 version introduced another (weaker) vulnerability, see bug 161750.
CCing netmon should help.
(In reply to comment #1)
> Fixed in 2.6.1 and the 2.6.1.x tree
Sorry, my bad: there are several fixes. All known vulnerabilities are fixed in >=2.6.1.2
http://www.snort.org/docs/release_notes/release_notes_2612.txt
http://www.snort.org/pub-bin/snortnews.cgi#591
netmon team, please bump 2.6.1.2, thanks.
netmon, at the same time, if you could make use of the GRE support with --enable--gre and a "gre" USE-flag, *and* add the GRE vulnerability backport patch [1], this will be perfect, thanks :)
[1] https://bugs.gentoo.org/attachment.cgi?id=106865
2.6.1.2 is in the tree. Arches, pls test and mark stable.
net-analyzer/snort-2.6.1.2
1. emerges on x86
2. passes collision test
3. works
ppc64 stable
x86 stable
Can an amd64 dev look at this one? I got a multilib-strict failure on mine.
ppc stable
Created attachment 109042: multilib strict fix for amd64's pleasure
Here is a patch that should fix multilib strict checks needed for amd64.
ping amd64
Thanks Alexis for the patch, amd64 is stable
Thanks, I vote yes due to a DoS on an IDS.
I'm actually the only active member of the security team, so I can't apply the policy stating that 2 positive votes include a GLSA. Let's have one btw :)
GLSA 200702-03, thanks to everybody.