Bug 161750 - net-analyzer/snort [2.6.1 <= 2.6.1.2] Integer underflow in DecodeGRE()
Summary: net-analyzer/snort [2.6.1 <= 2.6.1.2] Integer underflow in DecodeGRE()
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High trivial
Assignee: Gentoo Security
URL: http://labs.calyptix.com/advisories/C...
Whiteboard: C4 [noglsa]
Keywords:
Depends on:
Blocks:
Reported: 2007-01-12 13:39 UTC by Matt Drew (RETIRED)
Modified: 2007-03-07 13:32 UTC
CC List: 2 users

See Also:
Package list:
Runtime testing required: ---


Attachments
Upstream patch (snort-diff-upstream-r1.130-r1.131.diff, 2.83 KB, patch)
2007-01-13 23:26 UTC, Raphael Marichez (Falco) (RETIRED)
Backport for 2.6.1.1 (snort-2.6.1.1-gre.patch, 1.14 KB, patch)
2007-01-13 23:56 UTC, Raphael Marichez (Falco) (RETIRED)
Proposed ebuild with --enable-gre support (snort-2.6.1.1.ebuild, 5.54 KB, text/plain)
2007-01-14 00:04 UTC, Raphael Marichez (Falco) (RETIRED)

Description Matt Drew (RETIRED) gentoo-dev 2007-01-12 13:39:36 UTC
Snort contains an integer underflow in the new GRE processing code, allowing possible log corruption or information disclosure.

Reproducible: Didn't try

Steps to Reproduce:
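The report names the bug class (an integer underflow in a GRE decoder) but carries none of snort's code, so the following is an added C example, not snort's DecodeGRE() and not the upstream fix. It parses a minimal GRE header using the layout from RFC 2784/2890 (flag word with C, K and S bits, protocol type, then optional 4-byte checksum/reserved, key and sequence fields) and shows why the remaining-length subtraction has to be guarded: with size_t arithmetic, a header longer than the captured bytes wraps the payload length to a huge value, which is exactly how a decoder ends up reading past its buffer. The sample packet bytes are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Flag bits in the first 16-bit word of a GRE header (RFC 2784 / RFC 2890). */
#define GRE_FLAG_C        0x8000u  /* checksum + reserved1 present (4 bytes) */
#define GRE_FLAG_K        0x2000u  /* key present (4 bytes) */
#define GRE_FLAG_S        0x1000u  /* sequence number present (4 bytes) */
#define GRE_VERSION_MASK  0x0007u

struct gre_result {
    uint16_t proto;       /* encapsulated protocol (EtherType) */
    size_t   hdr_len;     /* bytes consumed by the GRE header */
    size_t   payload_len; /* bytes left for the inner packet */
};

/* Header length implied by the flag word; 0 means an unsupported version. */
static size_t gre_header_len(uint16_t flags)
{
    size_t len = 4;                                  /* flags/version + protocol type */
    if ((flags & GRE_VERSION_MASK) != 0) return 0;   /* only version 0 handled here */
    if (flags & GRE_FLAG_C) len += 4;
    if (flags & GRE_FLAG_K) len += 4;
    if (flags & GRE_FLAG_S) len += 4;
    return len;
}

/* Hardened decoder: every length subtraction is guarded.
 * Returns 0 on success, -1 for a short or unsupported packet. */
static int decode_gre_checked(const uint8_t *pkt, size_t len, struct gre_result *out)
{
    if (len < 4) return -1;                          /* not even the fixed part */
    uint16_t flags = (uint16_t)((pkt[0] << 8) | pkt[1]);
    uint16_t proto = (uint16_t)((pkt[2] << 8) | pkt[3]);
    size_t hdr_len = gre_header_len(flags);
    if (hdr_len == 0) return -1;
    if (len < hdr_len) return -1;                    /* the check that prevents the underflow */
    out->proto = proto;
    out->hdr_len = hdr_len;
    out->payload_len = len - hdr_len;                /* safe: len >= hdr_len */
    return 0;
}

/* Unguarded form of the same subtraction, kept only to show the bug class:
 * when optional fields are truncated, len - hdr_len wraps to near SIZE_MAX.
 * Caller must guarantee len >= 2 so the flag word itself is readable. */
static size_t unguarded_payload_len(const uint8_t *pkt, size_t len)
{
    uint16_t flags = (uint16_t)((pkt[0] << 8) | pkt[1]);
    return len - gre_header_len(flags);
}

/* Constructed sample: C flag set, proto 0x0800 (IPv4), checksum/reserved1, 3 payload bytes. */
static const uint8_t SAMPLE_GRE[] = {
    0x80, 0x00,  0x08, 0x00,  0x00, 0x00,  0x00, 0x00,  0xde, 0xad, 0xbe
};

/* Helpers exposing results so the behaviour can be checked, not just printed. */
static int sample_payload_len(void)
{
    struct gre_result r;
    return decode_gre_checked(SAMPLE_GRE, sizeof SAMPLE_GRE, &r) == 0 ? (int)r.payload_len : -1;
}
static int sample_proto(void)
{
    struct gre_result r;
    return decode_gre_checked(SAMPLE_GRE, sizeof SAMPLE_GRE, &r) == 0 ? (int)r.proto : -1;
}
/* Only the first 4 bytes captured: the C flag promises 8, so the checked decoder refuses it. */
static int truncated_is_rejected(void)
{
    struct gre_result r;
    return decode_gre_checked(SAMPLE_GRE, 4, &r) == -1;
}
/* Same truncated input through the unguarded subtraction: the result exceeds the capture length. */
static int truncated_unguarded_wraps(void)
{
    return unguarded_payload_len(SAMPLE_GRE, 4) > 4;
}

int main(void)
{
    printf("full packet: proto=0x%04x payload_len=%d\n", sample_proto(), sample_payload_len());
    printf("truncated: checked decoder rejects=%d, unguarded length wraps=%d\n",
           truncated_is_rejected(), truncated_unguarded_wraps());
    return 0;
}
```

The guard is the whole fix: compute the header length the flags promise first, compare it against the bytes actually captured, and only then subtract. On a 64-bit build the unguarded result for the truncated packet is 4 - 8 wrapped to SIZE_MAX - 3, which any later copy or logging code would treat as a valid length.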
Comment 1 Matt Drew (RETIRED) gentoo-dev 2007-01-12 13:41:32 UTC
Setting status and cc'ing herd.  The advisory says there's a patch in snort CVS.
Comment 2 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-01-13 23:25:25 UTC
Fixed in r1.131 of decode.c, see attached upstream patch.

The vulnerable GRE support was introduced in 2.6.1.

There is no vulnerable stable version in the portage tree (latest stable ebuild = 2.4.5).

But this will be important to consider, since there is bug 161632, which concerns a DoS that has been fixed in 2.6.1.

Comment 3 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-01-13 23:26:40 UTC
Created attachment 106865
Upstream patch
Comment 4 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-01-13 23:53:58 UTC
BTW the gentoo ebuild doesn't take advantage of --enable-gre, which is too bad :(

I'm going to attach a backport of the upstream patch against 2.6.1.1, and an ebuild patch for a "gre" USE-flag.

The vulnerability is only present with --enable-gre, so Gentoo is not actually vulnerable. ("objdump -x decode.o | grep DecodeGRE" gives nothing.)
Comment 5 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-01-13 23:56:55 UTC
Created attachment 106867
Backport for 2.6.1.1
Comment 6 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-01-14 00:04:53 UTC
Created attachment 106869
Proposed ebuild with --enable-gre support
Comment 7 Matthias Geerdsen (RETIRED) gentoo-dev 2007-03-07 13:32:15 UTC
This does not appear to be an issue anymore in the current stable 2.6.1.3-r1.
Reopen if you disagree.

c4 -> noglsa