Summary: | <net-analyzer/snort-2.8.1 Snort IP Fragment TTL Evasion Vulnerability (CVE-2008-1804) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | jason.r.wallace, netmon |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=701 | ||
Whiteboard: | B4? [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 198205, 245752 | ||
Bug Blocks: |
Description
Robert Buchholz (RETIRED)
2008-05-22 14:59:22 UTC
RedHat has patches linked in their BZ, http://cvs.snort.org/viewcvs.cgi/snort/ChangeLog.diff?r1=1.544&r2=1.545 (part) http://cvs.snort.org/viewcvs.cgi/snort/src/preprocessors/spp_frag3.c.diff?r1=1.50&r2=1.51 http://cvs.snort.org/viewcvs.cgi/snort/src/generators.h.diff?r1=1.63&r2=1.64 http://cvs.snort.org/viewcvs.cgi/snort/etc/gen-msg.map.diff?r1=1.43&r2=1.44 http://cvs.snort.org/viewcvs.cgi/snort/doc/README.frag3.diff?r1=1.7&r2=1.8 http://cvs.snort.org/viewcvs.cgi/snort/doc/snort_manual.tex.diff?r1=1.98&r2=1.99 + updated version of snort_manual.pdf see Bug #198205 , that snort-version (2.8.2) works for me Cheers bug #245752 should resolve this issue There is a new ebuild for snort-2.8.4 at the following bug... bug#266288 This also fixes this bug. Please close this bug and.. Bug#198205 Bug#245752 (In reply to comment #4) > Please close this bug... > Please note that Security bugs are needed for more than just bumping purposes and are _not_ closed in cases such as this. Ready to vote, I vote: NO. NO too. Closing noglsa. |