Snort RPC Preprocessor Fragment Reassembly Buffer Overflow Vulnerability

Solution:
Administrators are advised to upgrade vulnerable installations of Snort. A fix has been committed to the CVS tree and is available at the following location:

http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/snort/snort/src/preprocessors/spp_rpc_decode.c

Gentoo Linux has released an advisory. Users who have installed net-analyzer/snort are advised to upgrade to snort-1.9.1 by issuing the following commands:

emerge sync
emerge -u snort
emerge clean

Mandrake has released a security advisory (MDKSA-2003:029) which contains fixes.

EnGarde Secure Linux has released a security advisory. Information about obtaining and applying the patches is available in the referenced advisory.

Sorcerer Linux has released an advisory. Users are advised to upgrade systems by issuing the following commands:

augur synch && augur update

SmoothWall has released 'fixes2' for SmoothWall 1.0-final systems. Users who are using SmoothWall 0.99 systems are advised to upgrade to SmoothWall 1.0-final. Fixes are also available for SmoothWall 2.0b4-mallard systems. Further information is available in the referenced message.

Conectiva has released a security advisory (CLA-2003:613) which contains fixes for this issue. Users are advised to upgrade their Snort packages as soon as possible.

While NetBSD does not include Snort by default, Snort is available through pkgsrc. NetBSD users who have installed Snort packages should use pkgsrc/security/audit-packages to apply upgrades.

Debian has released a security advisory (DSA 297-1) containing fixes which address this issue. Users are advised to upgrade as soon as possible.

Fixes available:


SmoothWall SmoothWall 1.0

Snort Project Snort 1.8

Snort Project Snort 1.8.1

Snort Project Snort 1.8.2

Snort Project Snort 1.8.3

Snort Project Snort 1.8.4 beta1

Snort Project Snort 1.8.4

Snort Project Snort 1.8.5

Snort Project Snort 1.8.6

Snort Project Snort 1.8.7

Snort Project Snort 1.9

SmoothWall SmoothWall 2.0 beta 4


 

Copyright 2010, SecurityFocus