[Snort-devel] Snort 2.7 Segfaults w/bleeding-exploit

Bamm Visscher bamm.visscher at ...2499...
Wed Jul 25 19:20:50 EDT 2007


I was testing 2.7.0 (Build 35) today and ran into a couple of issues.
The first is fairly simple.

Initializing rule chains...
ERROR: /etc/snort/rules/bleeding-dos.rules (79): Invalid ICMP icode in
rule: >1<5
Fatal Error, Quitting..


The below thread on snort-sigs seems to address the issue, not sure
when the change of syntax occurred

[Snort-sigs] icode syntax (snort 2.7.0)
(http://archive.netbsd.se/?ml=snort-sigs&a=2007-07&m=4728221)


The next issue is a bit different.

Program received signal SIGSEGV, Segmentation fault.
0x080bc81e in Stream5GetFlowData (p=0xbfe18e90) at spp_stream5.c:1277
1277        return (StreamFlowData *)ssn->flowdata->data;

If I comment out bleeding-exploit.rules, everything works fine. Snort
doesn't complain with -T either.  I am getting ready to head out, so
if anyone else can confirm the issue, that'd be great. Otherwise I'll
try to track down what rule is triggering the issue when I can get
some more time.

Bammkkkk

-- 
sguil - The Analyst Console for NSM
http://sguil.sf.net




More information about the Snort-devel mailing list