 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.50713 |
| Kategorie: | Mandrake Local Security Checks |
| Titel: | Mandrake Security Advisory MDKSA-2003:052 (snort) |
| Zusammenfassung: | NOSUMMARY |
| Beschreibung: | Description: The remote host is missing an update to snort announced via advisory MDKSA-2003:052. An integer overflow was discovered in the Snort stream4 preprocessor by the Sourcefire Vulnerability Research Team. This preprocessor (spp_stream4) incorrectly calculates segment size parameters during stream reassembly for certainm sequence number ranges. This can lead to an integer overflow that can in turn lead to a heap overflow that can be exploited to perform a denial of service (DoS) or even remote command excution on the host running Snort. Disabling the stream4 preprocessor will make Snort invulnerable to this attack, and the flaw has been fixed upstream in Snort version 2.0. Snort versions 1.8 through 1.9.1 are vulnerable. Affected versions: 8.2, 9.0, 9.1, Corporate Server 2.1, Multi Network Firewall 8.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2003:052 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0209 http://www.snort.org/advisories/snort-2003-04-16-1.txt Risk factor : Critical CVSS Score: 10.0 |
| Querverweis: |
BugTraq ID: 7178 Common Vulnerability Exposure (CVE) ID: CVE-2003-0209 http://www.securityfocus.com/bid/7178 Bugtraq: 20030415 CORE-2003-0307: Snort TCP Stream Reassembly Integer Overflow Vulnerability (Google Search) http://marc.info/?l=bugtraq&m=105043563016235&w=2 Bugtraq: 20030422 GLSA: snort (200304-05) (Google Search) http://marc.info/?l=bugtraq&m=105103586927007&w=2 Bugtraq: 20030423 Snort <=1.9.1 exploit (Google Search) http://marc.info/?l=bugtraq&m=105111217731583&w=2 Bugtraq: 20030428 GLSA: snort (200304-06) (Google Search) http://marc.info/?l=bugtraq&m=105154530427824&w=2 http://www.cert.org/advisories/CA-2003-13.html CERT/CC vulnerability note: VU#139129 http://www.kb.cert.org/vuls/id/139129 Debian Security Information: DSA-297 (Google Search) http://www.debian.org/security/2003/dsa-297 En Garde Linux Advisory: ESA-20030430-013 http://marc.info/?l=bugtraq&m=105172790914107&w=2 http://www.mandriva.com/security/advisories?name=MDKSA-2003:052 http://www.coresecurity.com/common/showdoc.php?idx=313&idxseccion=10 |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |