Re: Snort exploit in wild.
On Fri, 25 Apr 2003 10:19:59 +0100, David Ramsden wrote:
>Noticed on vil.mcafee.com that a proof of concept exploit for Snort to
>exploit the vuln. found in v1.8 through to 1.9.1.
[...]
>What's the status of a patch from Debian Security? No DSA yet either.
>I know this has been brought up a few times already but now an exploit
>exists in the wild.
David, you probably want to look at
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=173254
which I submitted after a previous discussion on this list (December
2002) about problems with the Debian stable Snort package being out of
date.
The general consensus of opinion (including the Debian packager) was
that *nobody* should even consider using the V1.8.4 Snort package in
Woody - it's much too old, and has a number of security issues.
Most people's advice was to stop using the Debian package, and instead
download & compile the latest source from www.snort.org, and keep
tracking new releases from there - and get signature updates from
there as well. This is what I do now.
Some people think Snort should actually be removed from the Debian
package collection, because it will always drift seriously out of date
over time, and because there's no easy way to incorporate up-to-date
signatures (rules) into Debian.
Cheers,
Nick Boyce
Bristol, UK
--
Boycott Amazon till they relent on the 1-click software patent
- http://www.gnu.org/philosophy/amazon.html
Reply to: