Snort mailing list archives
Update on The Rule Matching Vulnerability published today
From: Mike Guiterman <mike.guiterman () sourcefire com>
Date: Thu, 11 Jan 2007 17:28:13 -0500
Hi everyone, Thanks to Randy Smith, Christian Estan, and Somesh Jha of the University of Wisconsin-Madison for reporting the Rule Matching Backtrack Denial of Service Vulnerability. This issue was fixed in v2.6.1. We recommend users update to the current release 2.6.1.2 There seems to be some confusion over whether or not the current release is vulnerable. Some users reported seeing published information where v2.6.1 appeared vulnerable. We looked into the reports and found that it is simply an unusual way that Security Focus displays version numbers. In the 4 digit format they use a space in place of a 0, ie. where it the entry lists " 2.6. 1" the version number should read 2.6.0.1. Bugtraq information is located at: http://www.securityfocus.com/bid/21991 -- Mike Guiterman Snort Community Manager Sourcefire, Inc. mguiterman () sourcefire com (410)423-1930 ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Update on The Rule Matching Vulnerability published today Mike Guiterman (Jan 11)