Snort mailing list archives

Re: report a small bug

From: Russ Combs <rcombs () sourcefire com>
Date: Fri, 9 Jul 2010 10:31:11 -0400

Thanks to the original reporter of this bug.  We'll see that it is fixed in
the next release.

SF did not call it "small" but it is not what I'd call dangerous.  Apart
from annoying printf()s there really is no ill effect.  The free count in
question is essentially redundant, because the free list it is counting is
properly initialized and the pointer is checked before use.

Thanks for checking.
Russ

On Fri, Jul 9, 2010 at 9:24 AM, L0rd Ch0de1m0rt <l0rdch0de1m0rt () gmail com>wrote:

Hello.  I am not intimate with Snort code so pardon if this is a
stupid question but how serious is this bug?  You call it "small" but
can there be DoS, code execution, etc.?  We have seen security
vulnerabilities in the past in Snort and I need to know if I need to
prioritise my snort patches so I don't get 0wn3d.

Thanks!

-L0rd Ch0de1m0rt


------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel

------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel

Current thread:

report a small bug 张峥 (Jul 08)
- <Possible follow-ups>
- Re: report a small bug L0rd Ch0de1m0rt (Jul 09)
  - Re: report a small bug Russ Combs (Jul 09)