Hi, Noticed on vil.mcafee.com that a proof of concept exploit for Snort to exploit the vuln. found in v1.8 through to 1.9.1. Packet Storm Security have this proof of concept on their site (local exploit at the moment). It uses a call-back technique to spawn a shell on the attackers machine, via a connection from the compromised machine. I've not tried this on my Debian machines yet, so can't say if it works - You'd need the return address for Debian as only Slackware is support in this proof of concept. What's the status of a patch from Debian Security? No DSA yet either. I know this has been brought up a few times already but now an exploit exists in the wild. As a workaround, I could disable snort (granted) but also, how can I use /etc/apt/preferences to update /just/ snort to a non-vuln. version from another branch (unstable/testing)? What line do I need in /etc/apt/sources.list? And how easy is it to downgrade to the stable version if something goes wrong or a patch is released from Debian? Thanks for all the help and regards, David. -- .''`. David Ramsden <david@hexstream.eu.org> : :' : http://portal.hexstream.eu.org/ `. `'` PGP key ID: 507B379B on wwwkeys.pgp.net `- Debian - when you have better things to do than to fix a system.
Attachment:
pgpxAYz0nGWPD.pgp
Description: PGP signature