RE: SANS Alert - Snort Vulnerability - stil Vulnerabile ?

To: debian-security@lists.debian.org
Subject: RE: SANS Alert - Snort Vulnerability - stil Vulnerabile ?
From: Drew Scott Daniels <umdanie8@cc.UManitoba.CA>
Date: Wed, 16 Apr 2003 12:45:11 -0500 (CDT)
Message-id: <[🔎] Pine.GSO.4.40.0304161241520.28552-100000@mira.cc.umanitoba.ca>
Mail-followup-to: Drew Scott Daniels <umdanie8@cc.umanitoba.ca>

> > On Tue, Mar 11, 2003 at 06:53:48PM +0900, Hideki Yamane wrote:
> > >
> > > >This was added to the SANS Advisory on Sendmail last week.
> > > >I have not seen any news nor postings related to Snort with
> > > >Debian and was wondering about the status of Snort in stable
> > > >at this time.
> > >
> > >  snort vulnerability was posted in BTS.
> > >  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=183719
> > >
> > >  # but, yes, DSA have not been released yet.
> >
> Is Woody version stil Vulnerabile to this serious security bug ?

I believe so. I'm using the bug to track the issue. Currently it's tagged
sarge and woody. Snort.org said the default distribution is vulnerable,
and in the Debian diff I see no change to the affected sections (for both
woody and sarge).

I've informed the security team, but they're likely busy with other
issues. A comment from them on the bug would be nice.

     Drew Daniels

Reply to:

Prev by Date: Re: VPN: SSH or IPSec???
Next by Date: Bug severity for substantial DoS vulnerability
Previous by thread: Re: SANS Alert - Snort Vulnerability - stil Vulnerabile ?
Next by thread: updated sendmail package: config error
Index(es):
- Date
- Thread