[Snort-devel] Patch for snort-1.9.1: CORE-2003-0307: Stream Reassembly Integer Overflow (fwd)

Chris Green cmg at ...402...
Wed Apr 16 05:55:09 EDT 2003

Matthew Callaway <matt at ...806...> writes:

> Core Security Technologies recently announced an integer overflow in
> snort.  After briefly examining the vulnerability notice, and the
> relevant portion of the stream4 preprocessor, we believe we have a patch
> that addresses the problem.
> A quick attempt at reproducing the attack against snort-1.9.1 based on
> the description provided by the Core team was unsuccessful.  However,
> the vulnerability in the code appears easy enough to address.

For a safer temporary mitigation, replace the memcpys with the
SafeMemcpy-type approach used in snort 2.0 in both frag2 and stream4.

Snort 2.0.0 should be used.
Chris Green <cmg at ...402...>
Fame may be fleeting but obscurity is forever.
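
An added example, not part of the original message and not Snort's own SafeMemcpy: a bounds-checked copy of the kind suggested above, applied to a hypothetical reassembly buffer whose write offset comes from sequence-number arithmetic. The names copy_at_offset and place_segment, and the buffer layout, are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Snort's SafeMemcpy): copy n bytes to buf+off only
 * if the whole write fits inside buf. Returns 1 on success, 0 on rejection. */
static int copy_at_offset(uint8_t *buf, size_t buf_len, size_t off,
                          const uint8_t *src, size_t n)
{
    if (buf == NULL || src == NULL)
        return 0;
    if (off > buf_len)          /* start is past the end of the buffer */
        return 0;
    if (n > buf_len - off)      /* subtraction cannot wrap: off <= buf_len */
        return 0;
    memcpy(buf + off, src, n);
    return 1;
}

/* Hypothetical reassembly step: place a segment by its sequence number
 * relative to base_seq, the sequence number of buf[0]. */
static int place_segment(uint8_t *buf, size_t buf_len, uint32_t base_seq,
                         uint32_t seg_seq, const uint8_t *data, size_t len)
{
    /* Unsigned subtraction wraps modulo 2^32: a segment that starts before
     * base_seq yields a huge offset, which the bounds check rejects. */
    uint32_t off = seg_seq - base_seq;
    return copy_at_offset(buf, buf_len, (size_t)off, data, len);
}

int main(void)
{
    uint8_t buf[16] = {0};
    const uint8_t seg[4] = {'A', 'B', 'C', 'D'};   /* constructed payload */

    printf("in range:    %d\n", place_segment(buf, sizeof buf, 1000, 1004, seg, 4));
    printf("before base: %d\n", place_segment(buf, sizeof buf, 1000, 996, seg, 4));
    printf("overruns:    %d\n", place_segment(buf, sizeof buf, 1000, 1014, seg, 4));
    return 0;
}
```

The caller has to act on a 0 return (drop the segment, log it), otherwise the check only turns an out-of-bounds write into silently missing data.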
