TUCoPS :: Linux :: Apps N-Z :: bt1455.txt

snort stream4 preprocessor integer overflow vulnerability 



> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> +------------------------------------------------------------------------+
> | Guardian Digital Security Advisory                      April 30, 2003 |
> | http://www.guardiandigital.com                        ESA-20030430-013 |
> |                                                                        |
> | Package: snort                                                         |
> | Summary: stream4 preprocessor integer overflow vulnerability           |
> +------------------------------------------------------------------------+
>
>   EnGarde Secure Linux is an enterprise class Linux platform engineered
>   to enable corporations to quickly and cost-effectively build a complete
>   and secure Internet presence while preventing Internet threats.
>
> OVERVIEW
> - --------
>   There is an integer overflow vulnerability in the stream4 preprocessor
>   of the Snort IDS system.
>
>   Guardian Digital products affected by this issue include:
>
>     EnGarde Secure Community v1.0.1
>     EnGarde Secure Community 2
>     EnGarde Secure Professional v1.1
>     EnGarde Secure Professional v1.2
>     EnGarde Secure Professional v1.5
>
>   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
>   assigned the name CAN-2003-0209 to this issue.
>
>   It is recommended that all users apply this update as soon as possible.
>
> SOLUTION
> - --------
>   Guardian Digital Secure Network subscribers may automatically update
>   affected systems by accessing their account from within the Guardian
>   Digital WebTool.
>
>   To modify your GDSN account and contact preferences, please go to:
>
>     https://www.guardiandigital.com/account/
>
>   Below are MD5 sums for the updated EnGarde Secure Linux 1.0.1 packages:
>
>     SRPMS/snort-2.0.0-1.0.10.src.rpm
>       MD5 Sum: e4dea6592038fa6e487607c1d1adbba4
>
>     i386/snort-2.0.0-1.0.10.i386.rpm
>       MD5 Sum: e530e2b93853e1082dec8de4f494e95a
>
>     i686/snort-2.0.0-1.0.10.i686.rpm
>       MD5 Sum: 3d0770923eedd9d28484984e13a23260
>
> REFERENCES
> - ----------
>   Guardian Digital's public key:
>     http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY
>
>   Snort's Official Web Site:
>     http://www.snort.org/
>
>   Guardian Digital Advisories:
>     http://infocenter.guardiandigital.com/advisories/
>
>   Security Contact: security@guardiandigital.com
>
> - ------------------------------------------------------------------------
--
> Author: Ryan W. Maple <ryan@guardiandigital.com>
> Copyright 2003, Guardian Digital, Inc.
>

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH