MDVSA-2009:259-1

Package name

snort

Date

2009-12-11

Advisory ID

MDVSA-2009:259-1

Affected versions

2008.0 i586 , 2008.0 x86_64

Problem description

preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not
properly identify packet fragments that have dissimilar TTL values,
which allows remote attackers to bypass detection rules by using a
different TTL for each fragment. (CVE-2008-1804)

The updated packages have been patched to prevent this.

Additionally there were problems with two rules in the snort-rules
package for 2008.0 that is also fixed with this update.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

Updated packages

2008.0 i586

 c6835024a29a5c1156ec1bcabe7a930e  2008.0/i586/snort-2.7.0.1-2.1mdv2008.0.i586.rpm
 098ce3906b38dbc27781a50b78ecbbad  2008.0/i586/snort-bloat-2.7.0.1-2.1mdv2008.0.i586.rpm
 d7657089df1764a9e39ddd2b51184a49  2008.0/i586/snort-inline-2.7.0.1-2.1mdv2008.0.i586.rpm
 f4f32580e4d373f60851e86b8f7c9bc0  2008.0/i586/snort-inline+flexresp-2.7.0.1-2.1mdv2008.0.i586.rpm
 a62fad5150fcbf898093874f98a8fd1f  2008.0/i586/snort-mysql-2.7.0.1-2.1mdv2008.0.i586.rpm
 debc1944271f72611659243643df0b37  2008.0/i586/snort-mysql+flexresp-2.7.0.1-2.1mdv2008.0.i586.rpm
 a409dad0f0fff1d22464aec4099ac9c0  2008.0/i586/snort-plain+flexresp-2.7.0.1-2.1mdv2008.0.i586.rpm
 0e23ae93be9946cbcfd4df66beac3233  2008.0/i586/snort-postgresql-2.7.0.1-2.1mdv2008.0.i586.rpm
 c52e0e33c8fc3c01037e2f552897eda0  2008.0/i586/snort-postgresql+flexresp-2.7.0.1-2.1mdv2008.0.i586.rpm
 d3122af0d714bfb08757af1dc62cfb23  2008.0/i586/snort-prelude-2.7.0.1-2.1mdv2008.0.i586.rpm
 0b887e9d0dee5fa77feae8143d134ba9  2008.0/i586/snort-prelude+flexresp-2.7.0.1-2.1mdv2008.0.i586.rpm
 a9e6bf9e1993eacd1063832575ffe977  2008.0/i586/snort-rules-2.3.3-4.1mdv2008.0.noarch.rpm 
 00f5191e8a96520bddec9103643e0749  2008.0/SRPMS/snort-2.7.0.1-2.1mdv2008.0.src.rpm
 0be9e2861d2c13d582f40e6f1bd8e658  2008.0/SRPMS/snort-rules-2.3.3-4.1mdv2008.0.src.rpm

2008.0 x86_64

 d2f029f4ec84f06776fb384e56e4d721  2008.0/x86_64/snort-2.7.0.1-2.1mdv2008.0.x86_64.rpm
 6c8ec7d6879e031ced36dc513bb7fe74  2008.0/x86_64/snort-bloat-2.7.0.1-2.1mdv2008.0.x86_64.rpm
 fe4d3026e064ff96a18d3efe30d66751  2008.0/x86_64/snort-inline-2.7.0.1-2.1mdv2008.0.x86_64.rpm
 cc1a7cae0cab080fa9988f4c98e79815  2008.0/x86_64/snort-inline+flexresp-2.7.0.1-2.1mdv2008.0.x86_64.rpm
 d82f9aeb3e9830dbe800ba56174d4db8  2008.0/x86_64/snort-mysql-2.7.0.1-2.1mdv2008.0.x86_64.rpm
 a3dbf00d5ef116b42bd976ee9ade5fa3  2008.0/x86_64/snort-mysql+flexresp-2.7.0.1-2.1mdv2008.0.x86_64.rpm
 0418bd642265eceadb17fe715420df23  2008.0/x86_64/snort-plain+flexresp-2.7.0.1-2.1mdv2008.0.x86_64.rpm
 c230b6a1c20e51b2677ff1ae03cb5a15  2008.0/x86_64/snort-postgresql-2.7.0.1-2.1mdv2008.0.x86_64.rpm
 d77df31ddcf18a7a7593e5066b718b5b  2008.0/x86_64/snort-postgresql+flexresp-2.7.0.1-2.1mdv2008.0.x86_64.rpm
 7acf1860096c4e33a4f98b761238eb8c  2008.0/x86_64/snort-prelude-2.7.0.1-2.1mdv2008.0.x86_64.rpm
 1650df9efae93915a664dc8fd241e541  2008.0/x86_64/snort-prelude+flexresp-2.7.0.1-2.1mdv2008.0.x86_64.rpm
 bf0455c5009baba5e69fd36be577395f  2008.0/x86_64/snort-rules-2.3.3-4.1mdv2008.0.noarch.rpm 
 00f5191e8a96520bddec9103643e0749  2008.0/SRPMS/snort-2.7.0.1-2.1mdv2008.0.src.rpm
 0be9e2861d2c13d582f40e6f1bd8e658  2008.0/SRPMS/snort-rules-2.3.3-4.1mdv2008.0.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1804