Vulnerability Development mailing list archives
Re: snort crash ... - Fixed
From: Dragos Ruiu <dr () DURSEC COM>
Date: Tue, 1 Aug 2000 03:38:26 -0700
This _was_ a bug in the snort defragmentaiton processor that only happened if you enabled it (and if you did, you did so with the warnings that it was beta). I fixed it a week ago... This problem has been fixed with the latest defragmentation processor I released on the Snort-Users list..... You should be able to find it in the archives at sourceforge. Let me know if you need more info than that. These are all more good reasons to subscribe to the Snort-Users list. cheers, --dr P.s. though I haven't checked I think that an even newer one than the one I posted on the list is in the CVS tree (well, I sent it to Marty and Fyodor). I believe all the defragger versions after Beta14 (and including it) do not have this problem anymore. The only currently open issue/bug with the defragger is some alignment/compiler wierdness on Solaris/sparc which cause immediate crashes when enabled, which I will try to remedy tomorrow, but I don't have access to a Solaris sparc machine to test so I'm developing blind..... but I'm pretty sure I know what the fix for that is (copy some junk into temp vars to make up for the braindead sparc compilers that can't seem to be able to figure out how to word align their own data). We'll see with the beta18 release I'll be sending out tomorrow.... It should run fine on all other platforms supported by snort now, though I have only tested it personaly on BSD(open/free) and Linux. Oh, and since this was posted to vuln-dev... even if you are running the old one with defragging enabled... it's not exploitable - all it does is crash randomly(based on fragments seen before it..), due to some memory allocation size errors. The crash detailed below is typical of the old broken behaviour on Linux. The non-deterministic nature of the crashes made it a bitch to debug. :-( But that's done now :-) :-) :-) On Tue, 25 Jul 2000, Fabio Pietrosanti wrote:
hi look here... Jul 25 12:59:16 naif libsafe.so[7023]: version 1.3 Jul 25 12:59:16 naif libsafe.so[7023]: detected an attempt to write across stack boundary. Jul 25 12:59:16 naif libsafe.so[7023]: terminating /usr/local/sbin/snort Jul 25 12:59:16 naif libsafe.so[7023]: overflow caused by memcpy()
-- dursec.com ltd. / kyx.net - we're from the future http://www.dursec.com
Current thread:
- Re: snort crash ... - Fixed Dragos Ruiu (Aug 01)
- Re: [Snort-users] Re: snort crash ... - Fixed Dragos Ruiu (Aug 01)