[Dshield] Infocon Yellow: Snort Vulnerability

Joel Esler eslerj at gmail.com
Wed Oct 19 13:33:51 GMT 2005


FYI.  All you have to do is either update to version 2.4.3, or  
comment out the "bo" preprocessor in your snort.conf.

If you running < 2.4.0 (first of all i suggest you upgrade to 2.4.3),  
but you are not vulnerable.  Snort on.

Joel


On Oct 19, 2005, at 9:15 AM, Håkon Alstadheim wrote:

> Johannes B. Ullrich wrote:
>
>> We turned the infocon to 'yellow' this morning over the snort
>> vulnerability. For details, see
>> https://isc.sans.org/diary.php?storyid=772
>>
>>
> My first instinct upon seeing this was 'rcsnort stop', since I am only
> running small site, and I don't have time to pore over the snort-logs
> today anyway. Then I thought 'maybe that is the plan'. I'd say  
> watch out
> for other attacks that would normally be caught by snort in the
> following couple of days.
> -- 
> Håkon Alstadheim     (+47) 74 82 60 27 / 93 63 00 28
> 7510 Skatval
> http://alstadheim.priv.no/hakon/
>
>
> _________________________________________
> Using .Net? Need to know more about .Net Security?
> http://isc.sans.org/banner_count.php?dest=dotnet
>
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see: http:// 
> www.dshield.org/mailman/listinfo/list
>




More information about the list mailing list