[Snort-users] Two items that are hard to digest...

Michael Steele michaels at ...155...
Thu Apr 17 09:45:28 EDT 2003


Matt,

As far as I know there is no plan to patch 1.9.1.

Can someone clarify this?

Will there be a patched 1.9.1 made available, and when.

I'm assuming that there is at least 1 or 2 Snort users that for whatever
reason cannot update to 2.0 at this time. They are very susceptible to this
vulnerability. Even the so called fix needs a fix. To be realistic, I'm
betting there are more then 1 or 2 Snort 1.9.1 users out there.

-Michael
-- 
 Michael Steele | System Engineer / Support Technician     
 mailto:michaels at ...155...    
 Silicon Defense - The Cyber-War Defense Company
 Website: http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org


-----Original Message-----
From: Matt Kettler [mailto:mkettler at ...4108...] 
Sent: Thursday, April 17, 2003 9:34 AM
To: Michael Steele
Cc: snort-users at lists.sourceforge.net

At 09:16 AM 4/17/2003 -0700, Michael Steele wrote:
>Matt,
>
>Go to http://www.snort.org and read the "Snort Advisory: Integer Overflow
in
>Stream4". This needs to be patched in 1.9.1. I saw a post somewhere that
>there is an unofficial patch floating around, but we need one that is
>official and available on Snort.org.

Ahh, missed that.. I'd suspect the snort-devels are focusing on making sure 
2.0 is stable, and then will backport this a bit later. It's only been a 
bit under 24 hours, so I'm not too surprised that a patch for 1.9.1 wasn't 
out the second the vulnerability was detected.... I also suspect that this 
bug was detected during 2.0 development, and caused for a 
hastier-than-normal 2.0 release.

Personally I'd rather they at least release _some_ fixed version as soon as 
possible rather than delaying releasing any fix at all until both branches 
are fixed.

I would however agree that a patch for 1.9.x should be released. 








More information about the Snort-users mailing list