Hi release team,
I would like to make an upload to stable to fix bug 503992 of Snort. Basically, this bug was introduced with the patch for a security vulnerability but introduced a sigsegv due to an improper call to a function. This error kills the Snort IDS as soon as it receives fragmented traffic. In some systems (such as systems behind an ADSL) this seems to happen frequently enough.
Attached is the diff of the Snort release 2.7.0-20.4 I would like to upload vs. the version currently in stable. I would like permission from the stable release managers to upload this fixed version there, thanks.
Javier
diff -Nru snort-2.7.0-20.3/debian/changelog snort-2.7.0/debian/changelog --- snort-2.7.0-20.3/debian/changelog 2008-11-04 22:38:11.000000000 +0100 +++ snort-2.7.0/debian/changelog 2009-03-22 00:17:24.000000000 +0100 @@ -1,3 +1,14 @@ +snort (2.7.0-20.4) stable; urgency=high + + * Fix error in call to LogMessage (missing parameters) which caused a + segfault when fragmented packages were received. This bug was introduced in + the patch to fix CVE-2008-1804. Urgency set to 'high' as in some + circunstances it makes Snort fail to start on startup or die after + working for only a few minutes. Also, this could be used as a DoS + attack against an IDS sensor rendering it useless. (Closes: #503992) + + -- Javier Fernandez-Sanguino Pen~a <j...@debian.org> Sun, 22 Mar 2009 00:16:44 +0100 + snort (2.7.0-20.3) testing-proposed-updates; urgency=low * Reupload to testing to *really* depend on newer libpcre. diff -Nru snort-2.7.0-20.3/src/preprocessors/spp_frag3.c snort-2.7.0/src/preprocessors/spp_frag3.c --- snort-2.7.0-20.3/src/preprocessors/spp_frag3.c 2008-10-22 01:33:03.000000000 +0200 +++ snort-2.7.0/src/preprocessors/spp_frag3.c 2009-03-22 00:18:23.000000000 +0100 @@ -1556,7 +1556,7 @@ */ p->fragtracker = NULL; } - LogMessage("%s(%d) ==> The ttl_limit option will be ignored, and Use of the ttl_limit option will be deprecated in a future release\n"); + // LogMessage("%s(%d) ==> The ttl_limit option will be ignored, and Use of the ttl_limit option will be deprecated in a future release\n", file_name, file_line); } Frag3RemoveTracker(&fkey, ft);
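Review bot: In the debian/changelog hunk, the new 2.7.0-20.4 entry describes the change as a fix to the LogMessage call, but the spp_frag3.c hunk in this same diff comments the call out, so the warning is no longer emitted at all. Reword the entry to say the call was disabled, so that anyone auditing the stable update from the changelog alone knows the ttl_limit message is gone. In the same entry, "circunstances" should be "circumstances", "fragmented packages" reads as if it means fragmented packets, and "fail to start on startup" is redundant.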
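Review bot: In the spp_frag3.c hunk (@@ -1556,7 +1556,7 @@), the replacement line adds file_name and file_line to the LogMessage call but also prefixes it with //, so what ships is dead code rather than a corrected call. The removed line passed a format string containing %s and %d with no matching arguments, which is the crash being fixed; either delete the line outright, or, if the ttl_limit deprecation warning is still wanted, restore it as a live call with both arguments and confirm that file_name and file_line are valid at this point, next to Frag3RemoveTracker(&fkey, ft). If the line is kept as a comment, use a /* */ block to match the comment style visible in the context lines just above it.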