[Snort-devel] Patch for snort-1.9.1: CORE-2003-0307: StreamReassembly Integer Overflow (fwd)

rmkml rmkml at ...1042...
Wed Apr 16 06:21:09 EDT 2003


Is Snort.org putting out a new version (1.9.2) with an official fix for the stream4 problem?


Chris Green wrote:

> Matthew Callaway <matt at ...806...> writes:
>
> > Core Security Technologies recently announced an integer overflow in
> > snort.  After briefly examining the vulnerability notice, and the
> > relevant portion of the stream4 preprocessor, we believe we have a patch
> > that addresses the problem.
> >
> > A quick attempt at reproducing the attack against snort-1.9.1 based on
> > the description provided by the Core team was unsuccessful.  However,
> > the vulnerability in the code appears easy enough to address.
>
> For a safer temporary mitigation, replace the memcpys with the
> SafeMemcpy type approach used in snort 2.0 in both frag2 and stream4.
>
> Snort 2.0.0 should be used.
> --
> Chris Green <cmg at ...402...>
> Fame may be fleeting but obscurity is forever.

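A bounds-checked copy in the spirit of the SafeMemcpy-type approach mentioned in the quoted reply, as an added example; it is not code from Snort or from anyone in this thread. The names `naive_fits`, `copy_at_offset` and `place_segment`, the 64-byte buffer and the sequence numbers are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 64u   /* constructed reassembly buffer size */

/* Naive check: the 32-bit sum wraps, so a huge offset can pass. */
static int naive_fits(uint32_t offset, uint32_t len, uint32_t buf_len)
{
    return offset + len <= buf_len;
}

/* Checked copy (hypothetical helper): never adds untrusted values together;
 * each is compared against the space actually left in the buffer.
 * Returns 1 if the copy was made, 0 if it was refused. */
static int copy_at_offset(uint8_t *buf, uint32_t buf_len, uint32_t offset,
                          const uint8_t *src, uint32_t len)
{
    if (buf == NULL || src == NULL || len == 0)
        return 0;
    if (offset >= buf_len || len > buf_len - offset)
        return 0;
    memcpy(buf + offset, src, len);
    return 1;
}

/* Constructed scenario: place a segment by its sequence number
 * relative to the first sequence number held in the buffer. */
static int place_segment(uint8_t *buf, uint32_t base_seq, uint32_t seg_seq,
                         const uint8_t *payload, uint32_t len)
{
    uint32_t offset = seg_seq - base_seq;  /* wraps if seg_seq < base_seq */
    return copy_at_offset(buf, BUF_LEN, offset, payload, len);
}

int main(void)
{
    uint8_t buf[BUF_LEN] = {0};
    const uint8_t payload[20] = "constructed payload";

    printf("naive check, wrapped offset: %d\n",
           naive_fits(990u - 1000u, 20, BUF_LEN));
    printf("in-range segment: %d\n", place_segment(buf, 1000, 1010, payload, 20));
    printf("wrapped segment:  %d\n", place_segment(buf, 1000, 990, payload, 20));
    return 0;
}
```

The naive sum accepts the wrapped offset, while the checked copy refuses it because the offset alone already exceeds the buffer length.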