Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Snort-devel] Re: [Snort-users] Bug(?): mysql reserved name usage

from [Steven Sturges] Network Security [Permanent Link]
Subject: RE: [Snort-devel] Re: [Snort-users] Bug(?): mysql reserved name usage
Date: Thu, 22 Sep 2005 09:38:08 -0400 
Wes--

Can you send us a patch for the code & script changes?

I think Jeremy was waiting for a response from someone
on the issue before he left, but never received anything.

Cheers.
-steve 


-----Original Message-----
From: snort-devel-admin@lists.sourceforge.net 
[mailto:snort-devel-admin@lists.sourceforge.net] On Behalf Of 
Wes Young
Sent: Thursday, September 22, 2005 9:01 AM
To: kliaaen@netscape.net
Cc: snort-users@lists.sourceforge.net; 
snort-devel@lists.sourceforge.net
Subject: [Snort-devel] Re: [Snort-users] Bug(?): mysql 
reserved name usage

I thought we brought this up back in june?
(http://archives.neohapsis.com/archives/snort/2005-06/0132.html)

Has no one fixed it yet??


kliaaen@netscape.net wrote:

Hello

[Please bear in mind that I'm not much of a programmer and that if 
this issue has been addressed already I'm just too thick to 

find it:)]


After upgrading to Snort 2.4.1 I discovered that when 

starting Snort it would die with a message about an incorrect 
DB schema version.

I deleted and re-created the database and when importing 

the SQL from schemas/create_mysql the database choked on a 
syntax error in the script. According to 
[http://dev.mysql.com/doc/mysql/en/reserved-words.html] the 
word SCHEMA is reserved and must be enclosed in quotes to be used.


This is solved by changing the syntax in 

schemas/create_mysql from "CREATE TABLE schema (...)" to 
"CREATE TABLE `schema` (...)" on line 23 and "INSERT INTO 
schema (...)" to "INSERT INTO `schema` (...)" on line 26.


To make Snort recognize the schema version it must be told 

to correctly quote the query on the schema table. There are 
already exceptions made for MS SQL in 
src/output-plugins/spo_database.c around line 1915.

I made the following addition at line 1933 (after the 

default schema query syntax) in the function 
CheckDBVersion(DatabaseData * data):

---
if (data->shared->dbtype_id == DB_MYSQL) { 
snprintf(select0,MAX_QUERY_LENGTH,
"SELECT vseq"
" FROM `schema`");
}
---

This overwrites the SQL query if the database is Mysql.
By making these simple changes Snort compiles cleanly and 

runs without problems.


I'm sure the Snort developers/maintainers can make a more 

suitable fix than the one I've outlined above.


Cheers!

__________________________________________________________________
Switch to Netscape Internet Service.
As low as $9.95 a month -- Sign up today at 
http://isp.netscape.com/register

Netscape. Just the Net You Need.

New! Netscape Toolbar for Internet Explorer Search from anywhere on 
the Web and block those annoying pop-ups.
Download now at http://channels.netscape.com/ns/search/install.jsp


-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. 
Download it for free - -and be entered to win a 42" plasma 

tv or your 

very own Sony(tm)PSP.  Click here to play: 
http://sourceforge.net/geronimo.php
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



--
Wes Young
Network Security Analyst
University at Buffalo
 -----------------------------------------------
| My Security Blog: | http://tinyurl.com/9av4k        |
| My RSS:         | http://tinyurl.com/ceopv  |
| My Life:        | http://tinyurl.com/l18g   |
 -----------------------------------------------


-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App 
Server. Download it for free - -and be entered to win a 42" 
plasma tv or your very own Sony(tm)PSP.  Click here to play: 
http://sourceforge.net/geronimo.php
_______________________________________________
Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel





-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Snort-users] Snort Beer Question, Theodore Stout
Next by Date:  [Snort-users] installing snort, Omar F. Altom
Previous by Thread:  Re: [Snort-users] Bug(?): mysql reserved name usage, Wes Young
Next by Thread:  [Snort-users] installing snort, Omar F. Altom
Indexes:  [Date] [Thread] [Top] [All Lists]