linux, säkerhet

92459 2003-03-03  21:21  /10 rader/ Dave Ahmad <da@securityfocus.com>
Importerad: 2003-03-03  21:21  av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Mottagare: Bugtraq (import) <3776>
Ärende: Snort RPC Vulnerability (fwd)
------------------------------------------------------------


David Mirza Ahmad
Symantec

"sabbe dhamma anatta"

0x26005712
8D 9A B1 33 82 3D B3 D0 40 EB  AB F0 1E 67 C6 1A 26 00 57 12
(92459) /Dave Ahmad <da@securityfocus.com>/---------
Bilaga (message/rfc822) i text 92460
92460 2003-03-03  21:21  /62 rader/ Dave Ahmad <da@securityfocus.com>
Importerad: 2003-03-03  21:21  av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Mottagare: Bugtraq (import) <3777>
Bilaga (text/plain) till text 92459
Ärende: Bilaga till: Snort RPC Vulnerability (fwd)
------------------------------------------------------------
Return-Path: <focus-ids-return-3250-da=securityfocus.com@securityfocus.com>
Delivered-To: da@securityfocus.com
Received: (qmail 27172 invoked from network); 3 Mar 2003 18:35:46 -0000
Received: from outgoing2.securityfocus.com (HELO outgoing.securityfocus.com) (205.206.231.26)
  by mail.securityfocus.com with SMTP; 3 Mar 2003 18:35:46 -0000
Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19])
	by outgoing.securityfocus.com (Postfix) with QMQP
	id 2A8128F2D7; Mon,  3 Mar 2003 11:29:52 -0700 (MST)
Mailing-List: contact focus-ids-help@securityfocus.com; run by ezmlm
Precedence: bulk List-Id: <focus-ids.list-id.securityfocus.com>
List-Post: <mailto:focus-ids@securityfocus.com> List-Help:
<mailto:focus-ids-help@securityfocus.com> List-Unsubscribe:
<mailto:focus-ids-unsubscribe@securityfocus.com> List-Subscribe:
<mailto:focus-ids-subscribe@securityfocus.com> Delivered-To: mailing
list focus-ids@securityfocus.com Delivered-To: moderator for
focus-ids@securityfocus.com Received: (qmail 22566 invoked from
network); 3 Mar 2003 18:17:16 -0000 Date: Mon, 3 Mar 2003 11:20:51
-0700 From: "Jason V. Miller" <jmiller@securityfocus.com> To:
Focus-IDS <focus-ids@securityfocus.com> Subject: Snort RPC
Vulnerability Message-ID: <20030303182051.GE19260@securityfocus.com>
Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii
Content-Description: Message Content-Disposition: inline User-Agent:
Mutt/1.3.25i


Anyone using Snort might want to have a look at the latest ISS
Advisory. There is a vulnerability in Snort 1.8.0 - 1.9.0 in the RPC
preprocessor, which may ultimately allow a remote attacker to execute
arbitrary code on a vulnerable host.

Internet Security Systems Security Advisory Snort RPC Preprocessing
Vulnerability
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951

The Snort team has released a new version, 1.9.1, which contains
fixes for this issue. Users not wishing to upgrade may disable the
RPC preprocessor in their snort.conf configs.

Check out the Snort Web site:
http://www.snort.org/

Version 1.9.1, which contains fixes for this issue, is available here:
http://www.snort.org/dl/snort-1.9.1.tar.gz

Regards,

-- 
Jason V. Miller, Threat Analyst
Symantec, Inc. - www.symantec.com
E-Mail:	jmiller@securityfocus.com

-----------------------------------------------------------
<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
(92460) /Dave Ahmad <da@securityfocus.com>/(Ombruten)