[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Snort exploit in wild.

On Fri, Apr 25, 2003 at 12:13:38PM +0200, Marcel Weber wrote:
> David Ramsden wrote:
> Following the advice from heise.de [1] it should be enough to comment 
> out the line:
> preprocessor stream4_reassemble
> in your /etc/snort/snort.conf
> as the vulnerability is in this module. Of course you will loose some 
> information. But saver is better ;-)
> [1] 
> (http://www.heise.de/newsticker/result.xhtml?url=/newsticker/data/pab-16.04.03-000/default.shtml&words=Snort)

Thank you for the information.
I had a quick look on the bug tracking system for Debian and found
information for the RPC decoder exploit, so have commented that out.

I'll now disable what's been suggested and wait for a DSA.

Thanks for the information on this Marcel.
Kind regards,
 .''`.     David Ramsden <david@hexstream.eu.org>
: :'  :    http://portal.hexstream.eu.org/
`. `'`     PGP key ID: 507B379B on wwwkeys.pgp.net
  `-  Debian - when you have better things to do than to fix a system.

Attachment: pgpc4fY_aOUZP.pgp
Description: PGP signature

Reply to: