On Sun, Aug 24, 2003 at 08:59:06AM -0600, Jamin W. Collins wrote:

> > Before you object to this rather 'rude' bug handling, please keep in
> > mind that version 1.8.4 of snort, which is in stable, has 3 severe
> > security exploits,
>
> So, why hasn't a security update been released for it?

Largely this is because snort should simply be removed from stable completely, as it is not useful, even if the security exploits are fixed.

Snort depends on a set of rules to detect potentially malicious traffic. Obviously this set of rules needs to be updated on a regular basis in order to keep up with new security issues. The problem is that the version of snort in stable is old enough that the upstream maintainers are no longer releasing new rulesets for it. Thus, it can't detect potentially harmful traffic.

A person responsible for the security of a system or network of systems needs to know if attacks on current vulnerabilities are being made on his system at least as much as he needs to know that two-year-old vulnerabilities are being probed. snort 1.8.4 cannot report such activity, and can only lead to a false sense of security. Thus, trusting an old version of snort is more dangerous than not using it at all, IMHO.

In the case of tools like snort, I strongly believe that we either need to remove it from stable or permit new upstream versions to be released for stable with point releases.

noah