Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Snort 1.9.1 available (please upgrade)

From: Martin Roesch <roesch () sourcefire com>
Date: Mon, 3 Mar 2003 13:00:02 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In the light of this newly discovered vulnerability in
spp_rpc_decode, we have released Snort 1.9.1.  Everyone should
plan to upgrade or disable the rpc_decode preprocessor at the
very least.

Snort 2.0 beta (CVS HEAD) has been updated as well, if you're
running the CVS HEAD branch you should update.

   -Marty

- --
The Snort team announces the availability of version 1.9.1 of Snort
available for download at http://www.snort.org.

http://www.snort.org/dl/snort-1.9.1.tar.gz
http://www.snort.org/dl/snort-1.9.1.tar.gz.asc (gpg)

A list of major changes include:

- - New RPC decoder options
    alert_fragments
    no_alert_multiple_requests
    no_alert_large_fragments
    no_alert_incomplete
- - corrected buffer overflow in RPC fragment normalization
- - distance and within fixes for rules
- - UDP checksum only acts if not 0
- - ip_protos can now be stacked
- - win32 service installs
- - Stream4 now does not chop off last byte of stream
- - syslog alert mode command line switch fixed in *NIX version

Release Notes:

This is a must upgrade release or must mitigate for existing snort
users.

There is a buffer overflow in the snort RPC decoder in versions less
than snort 1.9.1 or CVS versions before 2003-02-24/1pm US/Eastern.

See CAN-2003-0033 or http://www.kb.cert.org/vuls/916785 for more
information.
- -- Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616 
Sourcefire: Snort-based Enterprise Intrusion Detection Infrastructure
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (Darwin)

iD8DBQE+Y5gjqj0FAQQ3KOARAn1eAJ42AzCrfz4QzhbQDl/LhbQlQQ5OmwCfQwOn
HKs2XCABQHpAYrS+fTxvlts=
=H6Cx
-----END PGP SIGNATURE-----



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: