[Snort-devel] Snort >= 2.1.3 TCP/IP options bug

Jeff Nathan jeff at ...835...
Tue Oct 12 15:08:19 EDT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

To follow up Dan's comment the proof of concept code attached to the 
original message was non-portable (I don't mean to be rude when I say 
that I'm surprised the proof-of-concept code ran at all in its original 
form).

If anyone attaches proof of concept code to a bug report, please write 
portable code.

- -Jeff

On Oct 8, 2004, at 10:42 AM, Daniel Roelker wrote:

> This was checked in by Jeremy a few days ago.  You can check the cvs
> mailing list for bug fixes.  It will be available in the snort 2.3
> release.  Since this primarily only affected decoding print out (-dve 
> as
> options), it's currently not considered a major bug and has not caused
> any problems with snort running in IDS mode.
>
> Dan
>
> On Fri, 2004-10-08 at 09:43, Evrim ULU wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Marcin Z. wrote:
>> | Hi,
>> | I've recently found a bug in DecodeTCPOptions() in decode.c and 
>> probably
>> | DecodeIPOptions() (but not tested). When we run Snort in sniffer 
>> mode
>> like:
>> | % snort -dev -i lo
>> |
>> | System: Linux x86, kernel 2.4.27.
>> | Affected versions: from 2.1.3 up to 2.2.0
>> |
>>
>> Nobody from snort team approved this. Would they? Or is it fixed on 
>> the
>> latest cvs release?  Or its non existent?
>>
>> Evrim.
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.2.4 (GNU/Linux)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>>
>> iD8DBQFBZpl7R2rUfDW+YFIRArKoAKCKPM0zlr+AqdUntwxeJqh46QUddwCeJB8l
>> 0asU0ABg+RNHYAAyiA4US7s=
>> =wI0X
>> -----END PGP SIGNATURE-----
>>
>>
>> -------------------------------------------------------
>> This SF.net email is sponsored by: IT Product Guide on 
>> ITManagersJournal
>> Use IT products in your business? Tell us what you think of them. 
>> Give us
>> Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find 
>> out more
>> http://productguide.itmanagersjournal.com/guidepromo.tmpl
>> _______________________________________________
>> Snort-devel mailing list
>> Snort-devel at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>>
> -- 
> Daniel Roelker
> Lead Snort Developer
> Sourcefire, Inc.
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: IT Product Guide on 
> ITManagersJournal
> Use IT products in your business? Tell us what you think of them. Give 
> us
> Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out 
> more
> http://productguide.itmanagersjournal.com/guidepromo.tmpl
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
>

- --
The original EZ-bake packet oven.
http://nemesis.sourceforge.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFBbFW2Eqr8+Gkj0/0RAuNeAJ9pZydb9xZkQiuOEQ5nvQMAdPLyIACffWAh
UNSanGnAL7oKbsNZXsZq/go=
=UWPB
-----END PGP SIGNATURE-----





More information about the Snort-devel mailing list