Snort mailing list archives
Re: Snort 2.20 Denial Of Service Exploit
From: Wes Young <wcyoung () buffalo edu>
Date: Thu, 23 Dec 2004 08:37:50 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Question, does this have to be directed at the sniffing interface?? or if you are using snort as a pass through (as you should be) will it be effected just be "seeing" the packets???? Wes Young Network Security Analyst University at Buffalo M. Shirk wrote: | I have not verified this, but saw it before leaving the house this | morning. This is from http://isc.incidents.org | | Snort 2.20 Denial of Service exploit posted | | K-OTik notified us of this exploit for Snort 2.2 and | earlier:http://www.k-otik.com/exploits/20041222.angelDust.c.php | | It will core dump a running Snort process with a specially crafted | packed. The recommended fix is to upgrade to Snort 2.3 RC1 or | better which various handlers have reported is stable. This | particular exploit works with Linux-based distributions, but not | BSD-based. (We tried RHEL3, Debian, and OpenBSD). | | Shirkdog http://www.shirkdog.us | | _________________________________________________________________ | Don?t just search. Find. Check out the new MSN Search! | http://search.msn.click-url.com/go/onm00200636ave/direct/01/ | | | | ------------------------------------------------------- SF email is | sponsored by - The IT Product Guide Read honest & candid reviews on | hundreds of IT Products from real users. Discover which products | truly live up to the hype. Start reading now. | http://productguide.itmanagersjournal.com/ | _______________________________________________ Snort-users mailing | list Snort-users () lists sourceforge net Go to this URL to change | user options or unsubscribe: | https://lists.sourceforge.net/lists/listinfo/snort-users | Snort-users list archive: | http://www.geocrawler.com/redir-sf.php3?list=snort-users | | -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) iD8DBQFBysouzLe0Tk6uDXYRAuOCAKCdi5QeGjTjQIYinyB7drFDrlTMbwCgvyOn cNh2KbpE5BWQ/u7v4ra7fHU= =V3AB -----END PGP SIGNATURE----- ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users.Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort Configuration in large network. ashish natvarlal kuvawala (Dec 23)
- Snort 2.20 Denial Of Service Exploit M. Shirk (Dec 23)
- Re: Snort 2.20 Denial Of Service Exploit Wes Young (Dec 23)
- Re: Snort 2.20 Denial Of Service Exploit Matt Kettler (Dec 23)
- Re: Snort 2.20 Denial Of Service Exploit Wes Young (Dec 23)
- Snort 2.20 Denial Of Service Exploit M. Shirk (Dec 23)