Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Snort-users] Update on The Rule Matching Vulnerability published today

from [Mike Guiterman] Network Security [Permanent Link]
Subject: [Snort-users] Update on The Rule Matching Vulnerability published today
Date: Thu, 11 Jan 2007 17:28:13 -0500 
Hi everyone,

Thanks to Randy Smith, Christian Estan, and Somesh Jha of the University 
of Wisconsin-Madison for reporting the Rule Matching Backtrack Denial of 
Service Vulnerability.   This issue was fixed in v2.6.1.  We recommend 
users update to the current release 2.6.1.2

There seems to be some confusion over whether or not the current release 
is vulnerable.  Some users reported seeing published information where 
v2.6.1 appeared vulnerable.   We looked into the reports and found that 
it is simply an unusual way that Security Focus displays version 
numbers. In the 4 digit format they use a space in place of a 0, ie. 
where it the entry lists " 2.6. 1" the version number should read 2.6.0.1. 

Bugtraq information is located at:  http://www.securityfocus.com/bid/21991
-- 

Mike Guiterman

Snort Community Manager

Sourcefire, Inc.

mguiterman@sourcefire.com

(410)423-1930


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Snort-users] Update on The Rule Matching Vulnerability published today, Mike Guiterman <=
Previous by Date:  [Snort-users] Snort Advisory - integer underflow issue, Steve Kane
Next by Date:  Re: [Snort-users] [Snort-devel] Calyptix Security Advisory CX-2007-001 - Snort 2.6.1.2 Integer Underflow Vulnerability (fwd), Martin Roesch
Previous by Thread:  [Snort-users] Snort Advisory - integer underflow issue, Steve Kane
Next by Thread:  Re: [Snort-users] Seattle Snort User Group meets TOMORROW 1/16/2007 at 7:00 PM at SSCC RAH304, James Affeld
Indexes:  [Date] [Thread] [Top] [All Lists]