Snort TCP Packet Reassembly Integer Overflow Vulnerability

Solution:
Conectiva Linux has released a security advisory (CLSA-2003:671) to address this issue. Fixes are available below. Users are advised to upgrade as soon as possible.

Guardian Digital Security has released a security advisory for EnGarde Secure Linux (ESA-20030430-013). The referenced advisory contains information pertaining to obtaining and applying fixes that address this issue. Users are advised to upgrade as soon as possible.

While NetBSD does not include Snort by default, Snort is available through pkgsrc. NetBSD users who have installed Snort packages should use pkgsrc/security/audit-packages to apply upgrades.

It is recommended that all Gentoo Linux users who are running net-analyzer/snort upgrade to snort-2.0.0 as follows:

emerge sync
emerge snort
emerge clean

Mandrake has released a security advisory (MDKSA-2003:052) which contains fixes that address this issue. Users are advised to upgrade as soon as possible.

Debian has released a security advisory (DSA 297-1) containing fixes which address this issue. Users are advised to upgrade as soon as possible.

This issue is addressed in Snort 2.0. Users are advised to upgrade.

Fixes are available:


Snort Project Snort 1.8

Snort Project Snort 1.8.1

Snort Project Snort 1.8.2

Snort Project Snort 1.8.3

Snort Project Snort 1.8.4 beta1

Snort Project Snort 1.8.4

Snort Project Snort 1.8.5

Snort Project Snort 1.8.6

Snort Project Snort 1.8.7

Snort Project Snort 1.9

Snort Project Snort 1.9.1

SmoothWall SmoothWall 2.0 beta 4


 

Copyright 2010, SecurityFocus