---

Home Infrastructure

Mandrake Linux Advisories: snort, file

By 

______________________________________________________________________

                Mandrake Linux Security Update Advisory
______________________________________________________________________

Package name:           snort
Advisory ID:            MDKSA-2003:029
Date:                   March 6th, 2003

Affected versions:      8.2, 9.0, Corporate Server 2.1,
                        Multi Network Firewall 8.2
______________________________________________________________________

Problem Description:

 A buffer overflow was discovered in the snort RPC normalization 
 routines by ISS-XForce which can cause snort to execute arbitrary
 code embedded within sniffed network packets.  The rpc_decode
 preprocessor is enabled by default.  The snort developers have
 released version 1.9.1 to correct this behaviour; snort versions
 from 1.8 up to 1.9.0 are vulnerable.
 
 For those unable to upgrade, you can disable the rpc_decode
 preprocessor by commenting out the line (place a "#" character at the
 beginning of the line) that enables it in your snort.conf file:
 
   preprocessor rpc_decode
______________________________________________________________________

References:
  
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0033
  http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951
______________________________________________________________________

Updated Packages:
  
 Corporate Server 2.1:
 aed5bc0f501bec95c6110e753c9e7576  corporate/2.1/RPMS/snort-1.9.1-0.5mdk.i586.rpm
 a5e53d9dc3a6bebee3f459de003df099  corporate/2.1/RPMS/snort-bloat-1.9.1-0.5mdk.i586.rpm
 9d2fd8aa78d60f8269699a3f142c99df  corporate/2.1/RPMS/snort-mysql+flexresp-1.9.1-0.5mdk.i586.rpm/
 4c583a0b0fec82ab294dbf9f915e5162  corporate/2.1/RPMS/snort-mysql-1.9.1-0.5mdk.i586.rpm
 33dc8b65d8b1433b97e2a99ff028643a  corporate/2.1/RPMS/snort-plain+flexresp-1.9.1-0.5mdk.i586.rpm/
 ac6844f1ff9ccad11eda39fe9a1e9e78  corporate/2.1/RPMS/snort-postgresql+flexresp-1.9.1-0.5mdk.i586.rpm/
 01f6055d48c5bae0ab4b817f04266f78  corporate/2.1/RPMS/snort-postgresql-1.9.1-0.5mdk.i586.rpm
 7c97ccb58d642ed4f2f8580a45c523e1  corporate/2.1/RPMS/snort-snmp+flexresp-1.9.1-0.5mdk.i586.rpm/
 144fa048876c48deb221b3043fb0aecc  corporate/2.1/RPMS/snort-snmp-1.9.1-0.5mdk.i586.rpm
 ef562cbb98283d22901de5cfb140bd74  corporate/2.1/SRPMS/snort-1.9.1-0.5mdk.src.rpm

 Mandrake Linux 8.2:
 f7cfb0fb965554a60d657fc594fadeeb  8.2/RPMS/snort-1.9.1-0.5mdk.i586.rpm
 77655d27818f85eaae6a13ed6992f173  8.2/RPMS/snort-bloat-1.9.1-0.5mdk.i586.rpm
 00a4000c4b1bc32dacfd00398b5425c4  8.2/RPMS/snort-mysql+flexresp-1.9.1-0.5mdk.i586.rpm/
 97f2fb8aa79b0ed616d9e0f736662207  8.2/RPMS/snort-mysql-1.9.1-0.5mdk.i586.rpm
 2133b17ebc9ca83bd275cd3e37c8eb2a  8.2/RPMS/snort-plain+flexresp-1.9.1-0.5mdk.i586.rpm/
 d741bd9b1353052cbe307110e3c87e07  8.2/RPMS/snort-postgresql+flexresp-1.9.1-0.5mdk.i586.rpm/
 09ba4814f7425509674336d1b3b3785c  8.2/RPMS/snort-postgresql-1.9.1-0.5mdk.i586.rpm
 48825e8a17b6e0e5d0befd946f6d121a  8.2/RPMS/snort-snmp+flexresp-1.9.1-0.5mdk.i586.rpm/
 f1299dd610d6123e4a2fbc57b8bb236e  8.2/RPMS/snort-snmp-1.9.1-0.5mdk.i586.rpm
 ef562cbb98283d22901de5cfb140bd74  8.2/SRPMS/snort-1.9.1-0.5mdk.src.rpm

 Mandrake Linux 8.2/PPC:
 2aae5a783e1a82f3f38d98e67c170eb9  ppc/8.2/RPMS/snort-1.9.1-0.5mdk.ppc.rpm
 f1f3b46486d44c2e76fd624639baebcd  ppc/8.2/RPMS/snort-bloat-1.9.1-0.5mdk.ppc.rpm
 e0e1bc873105bf81e222d1e317e9e57e  ppc/8.2/RPMS/snort-mysql+flexresp-1.9.1-0.5mdk.ppc.rpm/
 b222b67d5d8077d219d68ad7646f08f2  ppc/8.2/RPMS/snort-mysql-1.9.1-0.5mdk.ppc.rpm
 ca860494b870da6bc119b2c4d11e23c4  ppc/8.2/RPMS/snort-plain+flexresp-1.9.1-0.5mdk.ppc.rpm/
 93b616cdcbca59011d9f4134ff6c81eb  ppc/8.2/RPMS/snort-postgresql+flexresp-1.9.1-0.5mdk.ppc.rpm/
 e37557949ba3cfcc76a8393c7cdc0fbb  ppc/8.2/RPMS/snort-postgresql-1.9.1-0.5mdk.ppc.rpm
 161d7abfea496d73b1546f59769c34fe  ppc/8.2/RPMS/snort-snmp+flexresp-1.9.1-0.5mdk.ppc.rpm/
 d43d723214b0036724052bf9b922bf43  ppc/8.2/RPMS/snort-snmp-1.9.1-0.5mdk.ppc.rpm
 ef562cbb98283d22901de5cfb140bd74  ppc/8.2/SRPMS/snort-1.9.1-0.5mdk.src.rpm

 Mandrake Linux 9.0:
 aed5bc0f501bec95c6110e753c9e7576  9.0/RPMS/snort-1.9.1-0.5mdk.i586.rpm
 a5e53d9dc3a6bebee3f459de003df099  9.0/RPMS/snort-bloat-1.9.1-0.5mdk.i586.rpm
 9d2fd8aa78d60f8269699a3f142c99df  9.0/RPMS/snort-mysql+flexresp-1.9.1-0.5mdk.i586.rpm/
 4c583a0b0fec82ab294dbf9f915e5162  9.0/RPMS/snort-mysql-1.9.1-0.5mdk.i586.rpm
 33dc8b65d8b1433b97e2a99ff028643a  9.0/RPMS/snort-plain+flexresp-1.9.1-0.5mdk.i586.rpm/
 ac6844f1ff9ccad11eda39fe9a1e9e78  9.0/RPMS/snort-postgresql+flexresp-1.9.1-0.5mdk.i586.rpm/
 01f6055d48c5bae0ab4b817f04266f78  9.0/RPMS/snort-postgresql-1.9.1-0.5mdk.i586.rpm
 7c97ccb58d642ed4f2f8580a45c523e1  9.0/RPMS/snort-snmp+flexresp-1.9.1-0.5mdk.i586.rpm/
 144fa048876c48deb221b3043fb0aecc  9.0/RPMS/snort-snmp-1.9.1-0.5mdk.i586.rpm
 ef562cbb98283d22901de5cfb140bd74  9.0/SRPMS/snort-1.9.1-0.5mdk.src.rpm

 Multi Network Firewall 8.2:
 f7cfb0fb965554a60d657fc594fadeeb  mnf8.2/RPMS/snort-1.9.1-0.5mdk.i586.rpm
 ef562cbb98283d22901de5cfb140bd74  mnf8.2/SRPMS/snort-1.9.1-0.5mdk.src.rpm
______________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
______________________________________________________________________

To upgrade automatically, use MandrakeUpdate.  The verification of md5
checksums and GPG signatures is performed automatically for you.

If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".  A list of
FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

Please verify the update prior to upgrading to ensure the integrity of
the downloaded package.  You can do this with the command:

  rpm --checksig <filename>

All packages are signed by MandrakeSoft for security.  You can obtain
the GPG public key of the Mandrake Linux Security Team from:

  https://www.mandrakesecure.net/RPM-GPG-KEYS

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrake Linux at:

  http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to.  Information on these lists can be obtained by
visiting:

  http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>

______________________________________________________________________

                Mandrake Linux Security Update Advisory
______________________________________________________________________

Package name:           file
Advisory ID:            MDKSA-2003:030
Date:                   March 6th, 2003

Affected versions:      7.2, 8.0, 8.1, 8.2, 9.0, Corporate Server 2.1,
                        Single Network Firewall 7.2
______________________________________________________________________

Problem Description:

 A memory allocation problem in file was found by Jeff Johnson, and a 
 stack overflow corruption problem was found by David Endler.  These 
 problems have been corrected in file version 3.41 and likely affect 
 all previous version.  These problems pose a security threat as they
 can be used to execute arbitrary code by an attacker under the 
 privileges of another user.  Note that the attacker must first
 somehow convince the target user to execute file against a specially
 crafted file that triggers the buffer overflow in file.
______________________________________________________________________

References:
  
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0102
  http://www.idefense.com/advisory/03.04.03.txt
______________________________________________________________________

Updated Packages:
  
 Corporate Server 2.1:
 518493f1a79abf93011e70abfcb0677a  corporate/2.1/RPMS/file-3.41-1.1mdk.i586.rpm
 e1baae959f60cf3b8d8fe3dda9c4f71e  corporate/2.1/SRPMS/file-3.41-1.1mdk.src.rpm

 Linux-Mandrake 7.2:
 095c2b08eac93b171448eb8a9f1c1ef1  7.2/RPMS/file-3.41-1.1mdk.i586.rpm
 e1baae959f60cf3b8d8fe3dda9c4f71e  7.2/SRPMS/file-3.41-1.1mdk.src.rpm

 Mandrake Linux 8.0:
 47a821812ce592e995615c8e268333c7  8.0/RPMS/file-3.41-1.1mdk.i586.rpm
 e1baae959f60cf3b8d8fe3dda9c4f71e  8.0/SRPMS/file-3.41-1.1mdk.src.rpm

 Mandrake Linux 8.0/PPC:
 8bcd230d29322f2c486c4834d670410e  ppc/8.0/RPMS/file-3.41-1.1mdk.ppc.rpm
 e1baae959f60cf3b8d8fe3dda9c4f71e  ppc/8.0/SRPMS/file-3.41-1.1mdk.src.rpm

 Mandrake Linux 8.1:
 8483c0f20b6324217ad8fa30d6ac1277  8.1/RPMS/file-3.41-1.1mdk.i586.rpm
 e1baae959f60cf3b8d8fe3dda9c4f71e  8.1/SRPMS/file-3.41-1.1mdk.src.rpm

 Mandrake Linux 8.1/IA64:
 949417f7c98c472b6334e45124754bfa  ia64/8.1/RPMS/file-3.41-1.1mdk.ia64.rpm
 e1baae959f60cf3b8d8fe3dda9c4f71e  ia64/8.1/SRPMS/file-3.41-1.1mdk.src.rpm

 Mandrake Linux 8.2:
 569bdc3120f253b9317a24e956499cb4  8.2/RPMS/file-3.41-1.1mdk.i586.rpm
 e1baae959f60cf3b8d8fe3dda9c4f71e  8.2/SRPMS/file-3.41-1.1mdk.src.rpm

 Mandrake Linux 8.2/PPC:
 8bab0210d9ad42e7facc76db95a39532  ppc/8.2/RPMS/file-3.41-1.1mdk.ppc.rpm
 e1baae959f60cf3b8d8fe3dda9c4f71e  ppc/8.2/SRPMS/file-3.41-1.1mdk.src.rpm

 Mandrake Linux 9.0:
 518493f1a79abf93011e70abfcb0677a  9.0/RPMS/file-3.41-1.1mdk.i586.rpm
 e1baae959f60cf3b8d8fe3dda9c4f71e  9.0/SRPMS/file-3.41-1.1mdk.src.rpm

 Single Network Firewall 7.2:
 095c2b08eac93b171448eb8a9f1c1ef1  snf7.2/RPMS/file-3.41-1.1mdk.i586.rpm
 e1baae959f60cf3b8d8fe3dda9c4f71e  snf7.2/SRPMS/file-3.41-1.1mdk.src.rpm
______________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
______________________________________________________________________

To upgrade automatically, use MandrakeUpdate.  The verification of md5
checksums and GPG signatures is performed automatically for you.

If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".  A list of
FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

Please verify the update prior to upgrading to ensure the integrity of
the downloaded package.  You can do this with the command:

  rpm --checksig <filename>

All packages are signed by MandrakeSoft for security.  You can obtain
the GPG public key of the Mandrake Linux Security Team from:

  https://www.mandrakesecure.net/RPM-GPG-KEYS

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrake Linux at:

  http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to.  Information on these lists can be obtained by
visiting:

  http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.