Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2007-01-13 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Snort Vulnerabilities

Published: 2007-01-13
Last Updated: 2007-01-14 22:56:17 UTC
by Koon Yaw Tan (Version: 3)
0 comment(s)
Two vulnerabilities are reported recently. One is pertaining to Rule Matching Backtrack Denial of Service Vulnerability.  A attacker may cause denial of service, which could allow the remote user to evade detection. This issue is fixed in v2.6.1.

http://www.snort.org/pub-bin/snortnews.cgi#591
http://www.cs.wisc.edu/~smithr/pubs/acsac2006.pdf

The other one, affecting Snort 2.6.1.2, is due to an integer underflow that may allow a remote attacker to cause Snort to read beyond a specified length of memory, potentially corrupting logfiles.

The system is only affected if you have compiled Snort to decode the Generic Routing Encapsulation (GRE) protocol. GRE is used to encapsulate arbitrary protocols to a remote host. The vulnerable code is not compiled by default.

Sourcefire has released a fix for this vulnerability in Snort's current CVS tree.

http://labs.calyptix.com/advisories/CX-2007-01.txt

Update:

It has come to our attention that the GRE is not enabled by default.  Only those who have compiled with --enable-gre when compiling the snort 2.6.1.2 source tree will have this particular issue. We heavily recommend upgrading all versions to the current version as it is much faster and offers more functionality.  For more information on this, I would recommend checking out the Snort-Users mailing list.
Keywords:
0 comment(s)

YaY Popup Update

Published: 2007-01-13
Last Updated: 2007-01-13 20:37:55 UTC
by Koon Yaw Tan (Version: 1)
0 comment(s)
A quick update. Trend Micro has detected this as TROJ_ZONEBAC.F (Thanks to our reader smallmo).
Keywords:
0 comment(s)

Oracle Critical Patch Update Pre-Release Announcement

Published: 2007-01-13
Last Updated: 2007-01-13 19:44:40 UTC
by Koon Yaw Tan (Version: 1)
0 comment(s)
Oracle has released an advance information on its upcoming quarterly patch that is planned to be released on 16 Jan 07.

This Critical Patch Update contains 52 new security fixes. At least 24 of them may be remotely exploitable without authentication. The highest CVSS base score of vulnerabilities across all products is 7.0.

The affected products include Oracle Database, Oracle Application Server, Oracle E-Business Suite and Applications, Oracle Enterprise Manager and Oracle PeopleSoft Enterprise.

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Keywords:
0 comment(s)
Diary Archives