Bugzilla – Bug 3154
snort vulns upgrade to 2.0
Last modified: 2003-10-19 23:17:20 UTC
http://www.snort.org/advisories/snort-2003-04-16-1.txt /me is upgrading it.
Disable affected preprocessor modules Sites that are unable to immediately upgrade affected Snort sensors may prevent exploitation of this vulnerability by commenting out the affected preprocessor modules in the "snort.conf" configuration file. To prevent exploitation of VU#139129, comment out the following line: preprocessor stream4_reassemble To prevent exploitation of VU#916785, comment out the following line: preprocessor rpc_decode: 111 32771 After commenting out the affected modules, send a SIGHUP signal to the affected Snort process to update the configuration. Note that disabling these modules may have adverse affects on a sensor's ability to correctly process RPC record fragments and TCP packet fragments. In particular, disabling the "stream4" preprocessor module will prevent the Snort sensor from detecting a variety of IDS evasion attacks.
http://www.cert.org/advisories/CA-2003-13.html
devel, test, stable updated. Now posting to news.sourcemage.org.
Nice work Seth.
if any of these still have issues outstanding then they can be reopened, but most have just been overlooked/forgotten ("these" refers to the 611 fixed but not closed bugs I just found in our database)