[Snort-devel] Patch for snort-1.9.1: CORE-2003-0307: Stream Reassembly Integer Overflow (fwd)
cmg at ...402...
Wed Apr 16 05:55:09 EDT 2003
Matthew Callaway <matt at ...806...> writes:
> Core Security Technologies recently announced an integer overflow in
> snort. After briefly examining the vulnerability notice, and the
> relevant portion of the stream4 preprocessor, we believe we have a patch
> that addresses the problem.
> A quick attempt at reproducing the attack against snort-1.9.1 based on
> the description provided by the Core team was unsuccessful. However,
> the vulnerability in the code appears easy enough to address.
For a safer temporary mitigatation, replace the memcpys with the
SafeMemcpy type approach used in snort 2.0 in both frag2 and stream4.
Snort 2.0.0 should be used.
Chris Green <cmg at ...402...>
Fame may be fleeting but obscurity is forever.
More information about the Snort-devel