aru
Posted March 7, 2003

MandrakeSoft Security Advisory MDKSA-2003:029 : snort
March 6th, 2003

Updated snort packages fix buffer overflow vulnerability

A buffer overflow was discovered in the snort RPC normalization routines by ISS-XForce which can cause snort to execute arbitrary code embedded within sniffed network packets. The rpc_decode preprocessor is enabled by default. The snort developers have released version 1.9.1 to correct this behaviour; snort versions from 1.8 up to 1.9.0 are vulnerable.

For those unable to upgrade, you can disable the rpc_decode preprocessor by commenting out the line (place a "#" character at the beginning of the line) that enables it in your snort.conf file:

    preprocessor rpc_decode

The released versions of Mandrake GNU/Linux affected are:

* 8.2
* 8.2/PPC
* 9.0
* Multi Network Firewall 8.2
* Corporate Server 2.1

All the information about this advisory is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:029

This stuff was posted automatically by aru
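The workaround from the advisory above, as an added example that is not part of the original post or of the MandrakeSoft advisory: it checks a version string against the stated vulnerable range and comments out any active rpc_decode line in a config file. The function names, the constructed sample config and the port arguments on its rpc_decode line are assumptions made for this example.

```sh
#!/bin/sh
# Added example: apply the advisory's rpc_decode workaround to a snort.conf.
# Function names and the sample config are assumptions made for this example.

# True if the version string falls in the advisory's vulnerable range
# (1.8 up to 1.9.0); 1.9.1 is the fixed release.
snort_version_vulnerable() {
    case $1 in
        1.8|1.8.*|1.9.0) return 0 ;;
        *) return 1 ;;
    esac
}

# True if the file still has an uncommented "preprocessor rpc_decode" line.
# Arguments after the name (such as ": 111 32771") are tolerated.
rpc_decode_active() {
    grep -Eq '^[[:space:]]*preprocessor[[:space:]]+rpc_decode([[:space:]:]|$)' "$1"
}

# Comment out every active rpc_decode line, keeping a .bak copy first.
# Already-commented lines do not match, so a second run changes nothing.
disable_rpc_decode() {
    conf=$1
    rpc_decode_active "$conf" || return 0
    cp -p "$conf" "$conf.bak" || return 1
    tmp=$(mktemp) || return 1
    if sed -E 's/^([[:space:]]*)(preprocessor[[:space:]]+rpc_decode([[:space:]:].*)?)$/\1# \2/' \
            "$conf" > "$tmp" && cat "$tmp" > "$conf"; then rc=0; else rc=1; fi
    rm -f "$tmp"
    return "$rc"
}

# Demo on a constructed config in a temporary file (not a real snort.conf).
demo() {
    sample=$(mktemp) || return 1
    printf '%s\n' 'preprocessor frag2' 'preprocessor rpc_decode: 111 32771' > "$sample"
    if snort_version_vulnerable "1.9.0"; then
        disable_rpc_decode "$sample"
    fi
    cat "$sample"
    rm -f "$sample" "$sample.bak"
}
demo
```

Snort reads its configuration at startup, so the running sensor has to be restarted after the file is changed.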