search menu icon-carat-right cmu-wordmark

CERT Coordination Center


Heap overflow in Snort "stream4" preprocessor

Vulnerability Note VU#139129

Original Release Date: 2003-04-16 | Last Revised: 2003-05-20

Overview

The Snort "stream4" preprocessor module contains a vulnerability that allows remote attackers to execute arbitrary code with the privileges of the user running Snort, typically root.

Description

Researchers at CORE Security Technologies have discovered a remotely exploitable heap overflow in the Snort "stream4" preprocessor module. This module allows Snort to reassemble TCP packet fragments for further analysis.

To exploit this vulnerability, an attacker must disrupt the state tracking mechanism of the preprocessor module by sending a series of packets with crafted sequence numbers. This causes the module to bypass a check for buffer overflow attempts and allows the attacker to insert arbitrary code into the heap.

For further information, please read the Core Security Technologies Advisory located at

http://www.coresecurity.com/common/showdoc.php?idx=313&idxseccion=10

This vulnerability affects Snort versions 1.8.x, 1.9.x, and 2.0 prior to RC1.

Impact

This vulnerability allows remote attackers to execute arbitrary code with the privileges of the user running Snort, typically root. Please note that it is not necessary for the attacker to know the IP address of the Snort device they wish to attack; merely sending malicious traffic where it can be observed by an affected Snort sensor is sufficient to exploit these vulnerabilities.

Solution

Upgrade to Snort 2.0

This vulnerability is addressed in Snort version 2.0, which is available at

http://www.snort.org/dl/snort-2.0.0.tar.gz

Binary-only versions of Snort are available from

http://www.snort.org/dl/binaries

Disable the "stream4" preprocessor module

Sites that are unable to immediately upgrade affected Snort sensors may prevent exploitation of this vulnerability by commenting out the affected preprocessor module in the "snort.conf" configuration file. To do this, comment out the following line:

preprocessor stream4_reassemble

After commenting out the affected module, send a SIGHUP signal to the affected Snort process to update the configuration. Note that disabling this module may have adverse effects on a sensor's ability to correctly process TCP packet fragments. In particular, disabling this module will prevent the Snort sensor from detecting a variety of IDS evasion attacks.

Block outbound packets from Snort IDS systems

You may be able limit an attacker's capabilities if the system is compromised by blocking all outbound traffic from the Snort sensor. While this workaround will not prevent exploitation of the vulnerability, it may make it more difficult for the attacker to create a useful exploit.

Vendor Information

139129
Expand all

Debian

Notified:  April 16, 2003 Updated:  May 19, 2003

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 297-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
May 1st, 2003                           http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : snort
Vulnerability  : integer overflow, buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE Ids        : CAN-2003-0033 CAN-2003-0209
CERT advisories: VU#139129 VU#916785
Bugtraq Ids    : 7178 6963

Two vulnerabilities have been discoverd in Snort, a popular network
intrusion detection system.  Snort comes with modules and plugins that
perform a variety of functions such as protocol analysis.  The
following issues have been identified:

Heap overflow in Snort "stream4" preprocessor
(VU#139129, CAN-2003-0209, Bugtraq Id 7178)


Researchers at CORE Security Technologies have discovered a
remotely exploitable inteter overflow that results in overwriting
the heap in the "stream4" preprocessor module.  This module allows
Snort to reassemble TCP packet fragments for further analysis.  An
attacker could insert arbitrary code that would be executed as
the user running Snort, probably root.


Buffer overflow in Snort RPC preprocessor
(VU#916785, CAN-2003-0033, Bugtraq Id 6963)


Researchers at Internet Security Systems X-Force have discovered a
remotely exploitable buffer overflow in the Snort RPC preprocessor
module.  Snort incorrectly checks the lengths of what is being
normalized against the current packet size.  An attacker could
exploit this to execute arbitrary code under the privileges of the
Snort process, probably root.


For the stable distribution (woody) these problems have been fixed in
version 1.8.4beta1-3.1.

The old stable distribution (potato) is not affected by these problems
since it doesn't contain the problematic code.

For the unstable distribution (sid) these problems have been fixed in
version 2.0.0-1.

We recommend that you upgrade your snort package immediately.

You are also advised to upgrade to the most recent version of Snort,
since Snort, as any intrusion detection system, is rather useless if
it is based on old and out-dated data and not kept up to date.  Such
installations would be unable to detect intrusions using modern
methods.  The current version of Snort is 2.0.0, while the version in
the stable distribution (1.8) is quite old and the one in the old
stable distribution is beyond hope.

Since Debian does not update arbitrary packages in stable releases,
even Snort is not going to see updates other than to fix security
problems, you are advised to upgrade to the most recent version from
third party sources.

The Debian maintainer for Snort provides backported up-to-date
packages for woody (stable) and potato (oldstable) for cases where you
cannot upgrade your entire system.  These packages are untested,
though and only exist for the i386 architecture:

deb     http://people.debian.org/~ssmeenk/snort-stable-i386/ ./
deb-src http://people.debian.org/~ssmeenk/snort-stable-i386/ ./

deb     http://people.debian.org/~ssmeenk/snort-oldstable-i386/ ./
deb-src http://people.debian.org/~ssmeenk/snort-oldstable-i386/ ./


Upgrade Instructions
- --------------------

wget url
will fetch the file for you

dpkg -i file.deb
will install the referenced file.


If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database

apt-get upgrade
will install corrected packages


You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1.dsc
Size/MD5 checksum:      681 2186ab4fe2efad905f07fb9522f04597

http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1.diff.gz
Size/MD5 checksum:    67265 1f8ea5bc8a842626a30a2fb693398a16

http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1.orig.tar.gz
Size/MD5 checksum:  1718574 80201d9c4e33af5e0b56121e4f9f7f7b


Architecture independent components:

http://security.debian.org/pool/updates/main/s/snort/snort-doc_1.8.4beta1-3.1_all.deb
Size/MD5 checksum:   344358 5d15c2a2ffc2e085a4dacfc8226ba336

http://security.debian.org/pool/updates/main/s/snort/snort-rules-default_1.8.4beta1-3.1_all.deb
Size/MD5 checksum:    59674 76c3416b6a5e97c4b82e984255ee62a6


Alpha architecture:

http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_alpha.deb
Size/MD5 checksum:   218862 e289d2ac6a97c3c729575af2608d62da

http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_alpha.deb
Size/MD5 checksum:    35798 7d1a116fc1c00006914e48019ba68a4b

http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_alpha.deb
Size/MD5 checksum:   222492 589db8d591013c098a4d51981464b21e


ARM architecture:

http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_arm.deb
Size/MD5 checksum:   178156 f37eb2c6b75176be30aaae92cfd699ea

http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_arm.deb
Size/MD5 checksum:    35820 4977d033364e56ec0d66266918b5ddfb

http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_arm.deb
Size/MD5 checksum:   181128 d7d40fc33fd3e51b54e4293ed7617c70


Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_i386.deb
Size/MD5 checksum:   162048 f26f7562fae5f8761834d4cabe3ed17c

http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_i386.deb
Size/MD5 checksum:    35802 548afa7fde8557dcd40bf235f38074dc

http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_i386.deb
Size/MD5 checksum:   165354 911fd22a147390c8cf5d4694b4e2b18b


Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_ia64.deb
Size/MD5 checksum:   271778 12be6ab4ac58909148a8c9625ebefb99

http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_ia64.deb
Size/MD5 checksum:    35798 57f0772e114cc1130c5c2639fc64be71

http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_ia64.deb
Size/MD5 checksum:   275284 a8489c8f41fa49d532c0afa67928ee61


HP Precision architecture:

http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_hppa.deb
Size/MD5 checksum:   201916 91c8ee56127b14c92736d7d418bc05ca

http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_hppa.deb
Size/MD5 checksum:    35816 a5718f767ebc93178eb820dc5a190579

http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_hppa.deb
Size/MD5 checksum:   205334 00eb158e0b034dbb6e16e42223f5855b


Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_m68k.deb
Size/MD5 checksum:   150320 3c205732845c14274bd9d8520f8ba806

http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_m68k.deb
Size/MD5 checksum:    35850 3b8e1da42a9c796a0ecf74f1e7ca2ac1

http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_m68k.deb
Size/MD5 checksum:   153552 f97f6f155c93f042f01a9f2e40aff91d


Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_mips.deb
Size/MD5 checksum:   198172 75e4fef830c00e952f05cf4139bc264f

http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_mips.deb
Size/MD5 checksum:    35822 aadad43bcef00f74acc754302e3557fc

http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_mips.deb
Size/MD5 checksum:   201404 9fa10daa290890849df6762b66825024


Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_mipsel.deb
Size/MD5 checksum:   199732 040b188aeb253aa4ec4a6903c3f6f792

http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_mipsel.deb
Size/MD5 checksum:    35818 467f455bb8b2c59630470417673e9856

http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_mipsel.deb
Size/MD5 checksum:   202972 755df8c2d9b7e2bc01fec9a0b2259f4d


PowerPC architecture:

http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_powerpc.deb
Size/MD5 checksum:   174508 3b5d1ebec2d40949e49746b4365c0a81

http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_powerpc.deb
Size/MD5 checksum:    35804 60575d5c1998634b6bb3d2a9696f95c6

http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_powerpc.deb
Size/MD5 checksum:   177562 c8cdeaab4e7c41c01a435933103fe6dd


IBM S/390 architecture:

http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_s390.deb
Size/MD5 checksum:   173002 ff71b2925e1020c278d7d33eed8f8e6d

http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_s390.deb
Size/MD5 checksum:    35794 5207eb80204af25cdbd77dca4b6cc09e

http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_s390.deb
Size/MD5 checksum:   176296 2cc04f18ee550e4595e1680b43c2bf3e


Sun Sparc architecture:

http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_sparc.deb
Size/MD5 checksum:   176202 6f1325e6c45e06d3f769b18a9ce98274

http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_sparc.deb
Size/MD5 checksum:    35806 91ada09e5b9386b803184417ecbd953c

http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_sparc.deb
Size/MD5 checksum:   179444 deb6b8580ef04cabecfec3972f4519dd



These files will probably be moved into the stable distribution on
its next revision.


- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+sR1ZW5ql+IAeqTIRApAdAKC1eQYjEpX7v5t4fdBeDh7CK5y6awCfdUpd
YqHF6Rz3zXbDFPWbU5uuPac=
=EfYw
-----END PGP SIGNATURE-----

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Gentoo Linux

Notified:  April 22, 2003 Updated:  May 19, 2003

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200304-06
- - - ---------------------------------------------------------------------

PACKAGE : snort
SUMMARY : Multiple Vulnerabilities in Snort Preprocessors

DATE : 2003-04-28 07:07 UTC
EXPLOIT : remote

VERSIONS AFFECTED : <snort-2.0.0
FIXED VERSION : >=snort-2.0.0

CVE : CAN-2003-0209 CAN-2003-0033

- - - ---------------------------------------------------------------------

New (and correct) ID and updated CVE link.

- - From advisories:

"The Sourcefire Vulnerability Research Team has learned of an integer overflow
in the Snort stream4 preprocessor used by the Sourcefire Network Sensor
product line. The Snort stream4 preprocessor (spp_stream4) incorrectly
calculates segment size parameters during stream reassembly for certain
sequence number ranges which can lead to an integer overflow that can be
expanded to a heap overflow.

The Snort stream4 flaw may lead to a denial of service (DoS) attack or
remote command execution on a host running Snort. This attack can be launched
by crafting TCP stream packets and transmitting them over a network segment
that is being monitored by a vulnerable Snort implementation. In its
default configuration, certain versions of snort are vulnerable to this
attack, as is the default configuration of the Snort IDS."

"Remote attackers may exploit the buffer overflow condition to run
arbitrary code on a Snort sensor with the privileges of the Snort IDS
process, which typically runs as the superuser. The vulnerable
preprocessor is enabled by default. It is not necessary to establish an
actual connection to a RPC portmapper service to exploit this
vulnerability."

Read the full advisories at:
http://www.coresecurity.com/common/showdoc.php?idx=313&idxseccion=10
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951
http://www.snort.org/advisories/snort-2003-04-16-1.txt

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-analyzer/snort upgrade to snort-2.0.0 as follows:

emerge sync
emerge snort
emerge clean

- - - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+rNNLfT7nyhUpoZMRAk3cAJ41kN/5iZoa3IOtmoTwP+E7JRZZdACdFiE6
c8JLrnnQbuVE2ASytyK0N48=
=V4iq
-----END PGP SIGNATURE-----

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Guardian Digital Inc.

Notified:  April 16, 2003 Updated:  May 19, 2003

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+------------------------------------------------------------------------+
| Guardian Digital Security Advisory                      April 30, 2003 |
| http://www.guardiandigital.com                        ESA-20030430-013 |
|                                                                        |
| Package: snort                                                         |
| Summary: stream4 preprocessor integer overflow vulnerability           |
+------------------------------------------------------------------------+

EnGarde Secure Linux is an enterprise class Linux platform engineered
to enable corporations to quickly and cost-effectively build a complete
and secure Internet presence while preventing Internet threats.


OVERVIEW
- --------

There is an integer overflow vulnerability in the stream4 preprocessor
of the Snort IDS system.


Guardian Digital products affected by this issue include:

EnGarde Secure Community v1.0.1
EnGarde Secure Community 2
EnGarde Secure Professional v1.1
EnGarde Secure Professional v1.2
EnGarde Secure Professional v1.5


The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0209 to this issue.


It is recommended that all users apply this update as soon as possible.

SOLUTION
- --------

Guardian Digital Secure Network subscribers may automatically update
affected systems by accessing their account from within the Guardian
Digital WebTool.


To modify your GDSN account and contact preferences, please go to:

https://www.guardiandigital.com/account/

Below are MD5 sums for the updated EnGarde Secure Linux 1.0.1 packages:

SRPMS/snort-2.0.0-1.0.10.src.rpm
MD5 Sum: e4dea6592038fa6e487607c1d1adbba4


i386/snort-2.0.0-1.0.10.i386.rpm
MD5 Sum: e530e2b93853e1082dec8de4f494e95a


i686/snort-2.0.0-1.0.10.i686.rpm
MD5 Sum: 3d0770923eedd9d28484984e13a23260


REFERENCES
- ----------

Guardian Digital's public key:
http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY


Snort's Official Web Site:
http://www.snort.org/


Guardian Digital Advisories:
http://infocenter.guardiandigital.com/advisories/


Security Contact: security@guardiandigital.com

- --------------------------------------------------------------------------
Author: Ryan W. Maple <ryan@guardiandigital.com>
Copyright 2003, Guardian Digital, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+sAc2HD5cqd57fu0RAuO6AJ4goWYfOXpM+04wblcHcJ8xQsKe3gCcCmaB
6+6LpMQDs0jKX5xSbtXEyMI=
=Froi
-----END PGP SIGNATURE-----

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MandrakeSoft

Notified:  April 16, 2003 Updated:  May 19, 2003

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name:           snort
Advisory ID:            MDKSA-2003:052
Date:                   April 28th, 2003

Affected versions:8.2, 9.0, 9.1, Corporate Server 2.1,
Multi Network Firewall 8.2

________________________________________________________________________

Problem Description:

An integer overflow was discovered in the Snort stream4 preprocessor
by the Sourcefire Vulnerability Research Team. This preprocessor
(spp_stream4) incorrectly calculates segment size parameters during
stream reassembly for certainm sequence number ranges.  This can
lead to an integer overflow that can in turn lead to a heap overflow
that can be exploited to perform a denial of service (DoS) or even
remote command excution on the host running Snort.


Disabling the stream4 preprocessor will make Snort invulnerable to
this attack, and the flaw has been fixed upstream in Snort version
2.0.  Snort versions 1.8 through 1.9.1 are vulnerable.

________________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0209
http://www.snort.org/advisories/snort-2003-04-16-1.txt

________________________________________________________________________

Updated Packages:

Corporate Server 2.1:
97c817bc7ddb5e1a89f4479668cf59f0  corporate/2.1/RPMS/snort-2.0.0-2.1mdk.i586.rpm
ca9dec4bc5ba46f80a0724f6e0f5a138  corporate/2.1/RPMS/snort-bloat-2.0.0-2.1mdk.i586.rpm
0262bcb71eea556cbee8c421e4ad1511  corporate/2.1/RPMS/snort-mysql+flexresp-2.0.0-2.1mdk.i586.rpm
8dd41f46553707dc3adc6a82855df2ba  corporate/2.1/RPMS/snort-mysql-2.0.0-2.1mdk.i586.rpm
46ad883dad9f77ce6d978171eb03de67  corporate/2.1/RPMS/snort-plain+flexresp-2.0.0-2.1mdk.i586.rpm
3dd354f0c849c9765451b51fa93a0b4e  corporate/2.1/RPMS/snort-postgresql+flexresp-2.0.0-2.1mdk.i586.rpm
8735c537e40937a7b3ae3f3c38d55162  corporate/2.1/RPMS/snort-postgresql-2.0.0-2.1mdk.i586.rpm
73a866acec5d6e1abdde902d0d893968  corporate/2.1/RPMS/snort-snmp+flexresp-2.0.0-2.1mdk.i586.rpm
cc0a606a5409213934b0c06fe2d44433  corporate/2.1/RPMS/snort-snmp-2.0.0-2.1mdk.i586.rpm
2efb9950c70248f94b561f76bef88181  corporate/2.1/SRPMS/snort-2.0.0-2.1mdk.src.rpm


Mandrake Linux 8.2:
a4514c067f2409606fe7706a35d8f3f7  8.2/RPMS/snort-2.0.0-2.1mdk.i586.rpm
5c2f61da6ce991e630a23dffbeee2814  8.2/RPMS/snort-bloat-2.0.0-2.1mdk.i586.rpm
242237fafcc77f29b9b6cdc71db27cdc  8.2/RPMS/snort-mysql+flexresp-2.0.0-2.1mdk.i586.rpm
75a9dc76a726e93e1876c35d7eafa543  8.2/RPMS/snort-mysql-2.0.0-2.1mdk.i586.rpm
9230a8bf2966eda057b4903edb2e6e8c  8.2/RPMS/snort-plain+flexresp-2.0.0-2.1mdk.i586.rpm
08efb60f8fa7f117903f3267e92c1937  8.2/RPMS/snort-postgresql+flexresp-2.0.0-2.1mdk.i586.rpm
a993826c9b4a74cfde1a36f3b209c3a9  8.2/RPMS/snort-postgresql-2.0.0-2.1mdk.i586.rpm
9700de212e797fb49d59859bd0faeef8  8.2/RPMS/snort-snmp+flexresp-2.0.0-2.1mdk.i586.rpm
781cafab6d9ca1e7de0d53a9f0a6ad20  8.2/RPMS/snort-snmp-2.0.0-2.1mdk.i586.rpm
2efb9950c70248f94b561f76bef88181  8.2/SRPMS/snort-2.0.0-2.1mdk.src.rpm


Mandrake Linux 8.2/PPC:
2961264210fb026e70c76bc20db4a109  ppc/8.2/RPMS/snort-2.0.0-2.1mdk.ppc.rpm
4efd69038a64483af014ed3da0bda40e  ppc/8.2/RPMS/snort-bloat-2.0.0-2.1mdk.ppc.rpm
1618da9f7f393f384f2fa3620d5756ab  ppc/8.2/RPMS/snort-mysql+flexresp-2.0.0-2.1mdk.ppc.rpm
26772c8ca76f47d33d75a2bae9c4b030  ppc/8.2/RPMS/snort-mysql-2.0.0-2.1mdk.ppc.rpm
1954dd955a26e4fafe053e1ed418fe7f  ppc/8.2/RPMS/snort-plain+flexresp-2.0.0-2.1mdk.ppc.rpm
84f600f2013d88faecc4a19613a16cf2  ppc/8.2/RPMS/snort-postgresql+flexresp-2.0.0-2.1mdk.ppc.rpm
a32214c7f3ab03681956054f61d4071f  ppc/8.2/RPMS/snort-postgresql-2.0.0-2.1mdk.ppc.rpm
76b030fb690c654ff008ee0d2bfdee95  ppc/8.2/RPMS/snort-snmp+flexresp-2.0.0-2.1mdk.ppc.rpm
d365692eb1fd386fb9f1fb4b87973f2a  ppc/8.2/RPMS/snort-snmp-2.0.0-2.1mdk.ppc.rpm
2efb9950c70248f94b561f76bef88181  ppc/8.2/SRPMS/snort-2.0.0-2.1mdk.src.rpm


Mandrake Linux 9.0:
97c817bc7ddb5e1a89f4479668cf59f0  9.0/RPMS/snort-2.0.0-2.1mdk.i586.rpm
ca9dec4bc5ba46f80a0724f6e0f5a138  9.0/RPMS/snort-bloat-2.0.0-2.1mdk.i586.rpm
0262bcb71eea556cbee8c421e4ad1511  9.0/RPMS/snort-mysql+flexresp-2.0.0-2.1mdk.i586.rpm
8dd41f46553707dc3adc6a82855df2ba  9.0/RPMS/snort-mysql-2.0.0-2.1mdk.i586.rpm
46ad883dad9f77ce6d978171eb03de67  9.0/RPMS/snort-plain+flexresp-2.0.0-2.1mdk.i586.rpm
3dd354f0c849c9765451b51fa93a0b4e  9.0/RPMS/snort-postgresql+flexresp-2.0.0-2.1mdk.i586.rpm
8735c537e40937a7b3ae3f3c38d55162  9.0/RPMS/snort-postgresql-2.0.0-2.1mdk.i586.rpm
73a866acec5d6e1abdde902d0d893968  9.0/RPMS/snort-snmp+flexresp-2.0.0-2.1mdk.i586.rpm
cc0a606a5409213934b0c06fe2d44433  9.0/RPMS/snort-snmp-2.0.0-2.1mdk.i586.rpm
2efb9950c70248f94b561f76bef88181  9.0/SRPMS/snort-2.0.0-2.1mdk.src.rpm


Mandrake Linux 9.1:
3436f5a3ec275a9e8d38b32a3e885b20  9.1/RPMS/snort-2.0.0-2.1mdk.i586.rpm
c63d4e80b2b69dc8469a401d62e65de2  9.1/RPMS/snort-bloat-2.0.0-2.1mdk.i586.rpm
0e12b7b79706198f6351c1d55d6c29a6  9.1/RPMS/snort-mysql+flexresp-2.0.0-2.1mdk.i586.rpm
501bbbcfb86e0dbc5a1450f97d5df972  9.1/RPMS/snort-mysql-2.0.0-2.1mdk.i586.rpm
b4151478633c30590a605e8fe110852e  9.1/RPMS/snort-plain+flexresp-2.0.0-2.1mdk.i586.rpm
7f58e498e92d7b32bfa6c4b7a85c36c1  9.1/RPMS/snort-postgresql+flexresp-2.0.0-2.1mdk.i586.rpm
b576a20571664d450504b3a51aae0417  9.1/RPMS/snort-postgresql-2.0.0-2.1mdk.i586.rpm
76cb1fc010b384ef5ba0c236d85ce6e5  9.1/RPMS/snort-snmp+flexresp-2.0.0-2.1mdk.i586.rpm
fca545c28a94eaabc6f10d7528d0e82c  9.1/RPMS/snort-snmp-2.0.0-2.1mdk.i586.rpm
2efb9950c70248f94b561f76bef88181  9.1/SRPMS/snort-2.0.0-2.1mdk.src.rpm


Mandrake Linux 9.1/PPC:
6fedffede24c0334a8eeb858a826482f  ppc/9.1/RPMS/snort-2.0.0-2.1mdk.ppc.rpm
753051524999ae9f082e124bfc949ec2  ppc/9.1/RPMS/snort-bloat-2.0.0-2.1mdk.ppc.rpm
905246e8240c13006760bbd56c0fbe9b  ppc/9.1/RPMS/snort-mysql+flexresp-2.0.0-2.1mdk.ppc.rpm
b8adb28a28341780014339e9cd1f4b8a  ppc/9.1/RPMS/snort-mysql-2.0.0-2.1mdk.ppc.rpm
d1537b80ce0d15e290d129edf9b6f02e  ppc/9.1/RPMS/snort-plain+flexresp-2.0.0-2.1mdk.ppc.rpm
16b0bbbc4729f8fdaf7d0554b45cd0e5  ppc/9.1/RPMS/snort-postgresql+flexresp-2.0.0-2.1mdk.ppc.rpm
972676cf613c1d1313a6bf68d7f9f0d6  ppc/9.1/RPMS/snort-postgresql-2.0.0-2.1mdk.ppc.rpm
7c79443a574b81db3345bac3c11c2f16  ppc/9.1/RPMS/snort-snmp+flexresp-2.0.0-2.1mdk.ppc.rpm
4df4eef406078666a682a01935975678  ppc/9.1/RPMS/snort-snmp-2.0.0-2.1mdk.ppc.rpm
2efb9950c70248f94b561f76bef88181  ppc/9.1/SRPMS/snort-2.0.0-2.1mdk.src.rpm


Multi Network Firewall 8.2:
a4514c067f2409606fe7706a35d8f3f7  mnf8.2/RPMS/snort-2.0.0-2.1mdk.i586.rpm
2efb9950c70248f94b561f76bef88181  mnf8.2/SRPMS/snort-2.0.0-2.1mdk.src.rpm

________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
________________________________________________________________________

To upgrade automatically, use MandrakeUpdate.  The verification of md5
checksums and GPG signatures is performed automatically for you.

If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".  A list of
FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php

Please verify the update prior to upgrading to ensure the integrity of
the downloaded package.  You can do this with the command:

rpm --checksig <filename>

All packages are signed by MandrakeSoft for security.  You can obtain
the GPG public key of the Mandrake Linux Security Team from:

https://www.mandrakesecure.net/RPM-GPG-KEYS

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrake Linux at:

http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to.  Information on these lists can be obtained by
visiting:

http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team

<security linux-mandrake.com>

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.7 (GNU/Linux)

mQGiBDlp594RBAC2tDozI3ZgQsE7XwxurJCJrX0L5vx7SDByR5GHDdWekGhdiday
L4nfUax+SeR9SCoCgTgPW1xB8vtQc8/sinJlMjp9197a2iKM0FOcPlkpa3HcOdt7
WKJqQhlMrHvRcsivzcgqjH44GBBJIT6sygUF8k0lU6YnMHj5MPc/NGWt8wCg9vKo
P0l5QVAFSsHtqcU9W8cc7wMEAJzQsAlnvPXDBfBLEH6u7ptWFdp0GvbSuG2wRaPl
hynHvRiE01ZvwbJZXsPsKm1z7uVoW+NknKLunWKB5axrNXDHxCYJBzY3jTeFjsqx
PFZkIEAQphLTkeXXelAjQ5u9tEshPswEtMvJvUgNiAfbzHfPYmq8D6x5xOw1IySg
2e/LBACxr2UJYCCB2BZ3p508mAB0RpuLGukq+7UWiOizy+kSskIBg2O7sQkVY/Cs
iyGEo4XvXqZFMY39RBdfm2GY+WB/5NFiTOYJRKjfprP6K1YbtsmctsX8dG+foKsD
LLFs7OuVfaydLQYp1iiN6D+LJDSMPM8/LCWzZsgr9EKJ8NXiyrQ6TGludXggTWFu
ZHJha2UgU2VjdXJpdHkgVGVhbSA8c2VjdXJpdHlAbGludXgtbWFuZHJha2UuY29t
PohWBBMRAgAWBQI5aefeBAsKBAMDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmK6LAKCy
/NInDsaMSI+WHwrquwC5PZrcnQCeI+v3gUDsNfQfiKBvQSANu1hdulqIRgQQEQIA
BgUCOtNVGQAKCRBZ5w3um0pAJJWQAKDUoL5He+mKbfrMaTuyU5lmRyJ0fwCgoFAP
WdvQlu/kFjphF740XeOwtOqIRgQQEQIABgUCOu8A6QAKCRBynDnb9lq3CnpjAJ4w
Pk0SEE9U4r40IxWpwLU+wrWVugCdFfSPllPpZRCiaC7HwbFcfExRmPaIRgQQEQIA
BgUCPI+UAwAKCRDniYrgcHcf8xK5AKCm/Mq8qP8GE0o1hEX22QsJMZwH5gCfZ72H
8TacOb3oAmBdprf+K6gkdOiIRgQQEQIABgUCOtOieAAKCRCv2bZyU0yB80MeAJ9K
+jXt0cKuaUonRU+CRGetk6t9dgCfTRRL6/puOKdD6md70+K5EBBSvsG0OE1hbmRy
YWtlIExpbnV4IFNlY3VyaXR5IFRlYW0gPHNlY3VyaXR5QG1hbmRyYWtlc29mdC5j
b20+iFcEExECABcFAjyPnuUFCwcKAwQDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmFi+
AJsHhohgnU3ik4+gy3EdFlB2i/MBoACg6lHn5cnVvTcmgNccWxeNxLLZI5e5AQ0E
OWnn7xAEAOQlTVY4TiNo5V/iP0J1xnqjqlqZsU7yEBKo/gZz6/+hx75RURe1ebiJ
9F779FQbpJ9Epz1KLSXvq974rnVb813zuGdmgFyk+ryA/rTR2RQ8h+EoNkwmATzR
xBXVJb57fFQjxOu4eNjZAtfII/YXb0uyXXrdr5dlJ/3eXrcO4p0XAAMFBACCxo6Z
269s+A4v8C6Ui12aarOQcCDlV8cVG9LkyatU3FNTlnasqwo6EkaP572448weJWwN
6SCXVl+xOYLiK0hL/6Jb/O9Agw75yUVdk+RMM2I4fNEi+y4hmfMh2siBv8yEkEvZ
jTcl3TpkTfzYky85tu433wmKaLFOv0WjBFSikohGBBgRAgAGBQI5aefvAAoJEJqo
0NAiRYqYid0AoJgeWzXrEdIClBOSW5Q6FzqJJyaqAKC0Y9YI3UFlE4zSIGjcFlLJ
EJGXlA==
=yGlX
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE+rc7gmqjQ0CJFipgRAiufAJ0Wa5bQdmAunHSUUw+z2CYm4vAUbACcCJfl
2WSQOdFu39Whu+U8sPBFXtE=
=py2r
-----END PGP SIGNATURE-----

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SmoothWall

Notified:  April 17, 2003 Updated:  April 21, 2003

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The SmoothWall firewall is affected by this vulnerability; for more information, please see

Snort

Notified:  April 16, 2003 Updated:  April 17, 2003

Status

  Vulnerable

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Snort(TM) Advisory: Integer Overflow in Stream4

Date: April 16, 2003


Affected Versions:
All versions of the following products are affected:

* Snort 1.8 through 1.9.1
* Snort CVS - current branch up to version 2.0.0 beta


Synopsis:
The Sourcefire Vulnerability Research Team has learned of an integer overflow
in the Snort stream4 preprocessor used by the Sourcefire Network Sensor
product line. The Snort stream4 preprocessor (spp_stream4) incorrectly
calculates segment size parameters during stream reassembly for certain
sequence number ranges which can lead to an integer overflow that can be
expanded to a heap overflow.

The Snort stream4 flaw may lead to a denial of service (DoS) attack or
remote command execution on a host running Snort. This attack can be launched
by crafting TCP stream packets and transmitting them over a network segment
that is being monitored by a vulnerable Snort implementation. In its
default configuration, certain versions of snort are vulnerable to this
attack, as is the default configuration of the Snort IDS.

Disabling the stream4 preprocessor will make the snort invulnerable to the
attack.

To disable the stream4 preprocessor, edit snort.conf and replace any lines
that begin with "preprocessor stream4" with "# preprocessor stream4"

NOTE: Disabling the stream4 preprocessor disables stateful inspection and
stream reassembly and could allow someone to evade snort using tcp stream
segmentation attacks.


Patches:

Snort 2.0 has been released and corrects this vulnerability.


(C) 2003 Sourcefire, Inc.  All rights reserved.
Sourcefire and Snort are trademarks or registered trademarks of Sourcefire, INC.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+nadjavJ5BgQ0p28RAi8FAKCviv78UU8V2k+smfZU875Lcrhb9gCfQIXK
CuzzM4EKTvbvkvo+wL47YYM=
=u1yD
-----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Snort has released version 2.0 to address this vulnerability. This version is available at

Apple Computer Inc.

Notified:  April 16, 2003 Updated:  April 17, 2003

Status

  Not Vulnerable

Vendor Statement

Snort is not shipped with Mac OS X or Mac OS X Server.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Conectiva

Notified:  April 16, 2003 Updated:  May 19, 2003

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE   : snort
SUMMARY   : Vulnerability in the stream4 preprocessor
DATE      : 2003-05-06 21:44:00
ID        : CLA-2003:642
RELEVANT
RELEASES  : 8, 9

- -------------------------------------------------------------------------

DESCRIPTION
Snort is an Open Source Network Intrusion Detection System (NIDS).


Core Security has discovered[1] a remotely exploitable integer
overflow vulnerability in Snort. It resides in the stream4
preprocessor, which is responsible for normalizing TCP traffic before
its analysis by the rules processor.


A remote attacker able to insert specially crafted TCP traffic in the
network being monitored by snort may crash the sensor or execute
arbitrary code in its context, which is run by the root user.


The Common Vulnerabilities and Exposures (CVE) project has assigned
the name CAN-2003-0209 to this issue[2].


Since the stream4 preprocessor is present only in snort versions >=
1.8, users of Conectiva Linux versions 6.0 and 7.0 are not vulnerable
to this attack.


Additionally, a preventive fix for a possible problem with the use of
the memcpy() function in the frag2 preprocessor code was added[3].


IMPORTANT: Please note that this update includes snort 1.9.1. The
snort version originally distributed with Conectiva Linux 8 was
1.8.4b1 (already updated to 1.9.1 in the last snort security[4]
announcement). Since several components have changed in snort 1.9.1,
the old snort.conf file and the alerts database need some small
changes in order to work with this new version. Instructions about
how to smoothly upgrade from 1.8.4b1 are available in the package
documentation and in our last snort security announcement[4],
released on 04/04/2003.



SOLUTION
All snort users should upgrade.



REFERENCES:
1.http://www.coresecurity.com/common/showdoc.php?idx=313&idxseccion=10
2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0209
3.http://sourceforge.net/mailarchive/message.php?msg_id=4457321
4.http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000613



UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/8/RPMS/snort-1.9.1-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/snort-1.9.1-1U80_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/snort-1.9.1-27951U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/snort-1.9.1-27951U90_2cl.src.rpm


ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:


- run:                 apt-get update
- after that, execute: apt-get upgrade


Detailed instructions reagarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en


- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
Copyright (c) 2003 Conectiva Inc.
http://www.conectiva.com

- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+uFdH42jd0JmAcZARArwgAKDE+fRKY03JkA3kDE3az3gEcUm5LgCg3KLt
llQNn3eE5epnkGnwvflmFL0=
=1oGg
-----END PGP SIGNATURE-----

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Fujitsu

Notified:  April 16, 2003 Updated:  May 19, 2003

Status

  Not Vulnerable

Vendor Statement

Fujitsu's UXP/V o.s. is not affected by the problem in VU#139129 and [VU#]916785 because it does not support the Snort.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Ingrian Networks

Notified:  April 16, 2003 Updated:  April 17, 2003

Status

  Not Vulnerable

Vendor Statement

Ingrian Networks products are not susceptible to VU#139129 and VU#916785 since they do not use Snort.

Ingrian customers who are using the IDS Extender Service Engine to mirror cleartext data to a Snort-based IDS should upgrade their IDS software.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NetBSD

Notified:  April 16, 2003 Updated:  April 17, 2003

Status

  Not Vulnerable

Vendor Statement

NetBSD does not include snort in the base system.

Snort is available from the 3rd party software system, pkgsrc. Users who have installed net/snort, net/snort-mysql or net/snort-pgsql should update to a fixed version. pkgsrc/security/audit-packages can be used to keep up to date with these types of issues.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Red Hat Inc.

Notified:  April 16, 2003 Updated:  April 17, 2003

Status

  Not Vulnerable

Vendor Statement

Red Hat does not ship Snort in any of our supported products.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SGI

Notified:  April 16, 2003 Updated:  April 17, 2003

Status

  Not Vulnerable

Vendor Statement

SGI does not ship snort as part of IRIX.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

BSDI

Notified:  April 16, 2003 Updated:  April 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Cray Inc.

Notified:  April 16, 2003 Updated:  April 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Data General

Notified:  April 16, 2003 Updated:  April 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

FreeBSD

Notified:  April 16, 2003 Updated:  April 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hewlett-Packard Company

Notified:  April 16, 2003 Updated:  April 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IBM

Notified:  April 16, 2003 Updated:  April 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MontaVista Software

Notified:  April 16, 2003 Updated:  April 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NEC Corporation

Notified:  April 16, 2003 Updated:  April 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Nokia

Notified:  April 16, 2003 Updated:  April 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

OpenBSD

Notified:  April 16, 2003 Updated:  April 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Openwall GNU/*/Linux

Notified:  April 16, 2003 Updated:  April 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sequent

Notified:  April 16, 2003 Updated:  April 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sony Corporation

Notified:  April 16, 2003 Updated:  April 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SuSE Inc.

Notified:  April 16, 2003 Updated:  April 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sun Microsystems Inc.

Notified:  April 16, 2003 Updated:  April 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

The SCO Group (SCO Linux)

Notified:  April 16, 2003 Updated:  April 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

The SCO Group (SCO UnixWare)

Notified:  April 16, 2003 Updated:  April 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Unisys

Notified:  April 16, 2003 Updated:  April 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Wind River Systems Inc.

Notified:  April 16, 2003 Updated:  April 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Wirex

Notified:  April 16, 2003 Updated:  April 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

This vulnerability was discovered by Bruce Leidl, Juan Pablo Martinez Kuhn, and Alejandro David Weil of Core Security Technologies.

This document was written by Jeffrey P. Lanza.

Other Information

CVE IDs: CVE-2003-0209
CERT Advisory: CA-2003-13
Severity Metric: 30.99
Date Public: 2003-04-15
Date First Published: 2003-04-16
Date Last Updated: 2003-05-20 01:03 UTC
Document Revision: 22

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.