[Snort-devel] Snort 1.9.1 available (please upgrade)

Martin Roesch roesch at ...402...
Mon Mar 3 10:03:10 EST 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In the light of this newly discovered vulnerability in
spp_rpc_decode, we have released Snort 1.9.1.  Everyone should
plan to upgrade or disable the rpc_decode preprocessor at the
very least.

Snort 2.0 beta (CVS HEAD) has been updated as well, if you're
running the CVS HEAD branch you should update.

    -Marty

- --
The Snort team announces the availability of version 1.9.1 of Snort
available for download at http://www.snort.org.

http://www.snort.org/dl/snort-1.9.1.tar.gz
http://www.snort.org/dl/snort-1.9.1.tar.gz.asc (gpg)

A list of major changes include:

- - New RPC decoder options
     alert_fragments
     no_alert_multiple_requests
     no_alert_large_fragments
     no_alert_incomplete
- - corrected buffer overflow in RPC fragment normalization
- - distance and within fixes for rules
- - UDP checksum only acts if not 0
- - ip_protos can now be stacked
- - win32 service installs
- - Stream4 now does not chop off last byte of stream
- - syslog alert mode command line switch fixed in *NIX version

Release Notes:

This is a must upgrade release or must mitigate for existing snort
users.

There is a buffer overflow in the snort RPC decoder in versions less
than snort 1.9.1 or CVS versions before 2003-02-24/1pm US/Eastern.

See CAN-2003-0033 or http://www.kb.cert.org/vuls/916785 for more
information.

- -- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Snort-based Enterprise Intrusion Detection Infrastructure
roesch at ...402... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (Darwin)

iD8DBQE+Y5gjqj0FAQQ3KOARAn1eAJ42AzCrfz4QzhbQDl/LhbQlQQ5OmwCfQwOn
HKs2XCABQHpAYrS+fTxvlts=
=H6Cx
-----END PGP SIGNATURE-----





More information about the Snort-devel mailing list