Mandrake Security Advisory MDVSA-2009:259 (snort) Network Vulnerability

Summary

The remote host is missing an update to snort announced via advisory MDVSA-2009:259.

Solution

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:259

Insight

preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment. (CVE-2008-1804) The updated packages have been patched to prevent this. Affected: 2008.1

Severity

Classification

CVE CVE-2008-1804
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:108 (zsh)
Mandrake Security Advisory MDVSA-2009:145 (php)
Mandrake Security Advisory MDVSA-2009:120 (openssl)
Mandrake Security Advisory MDVSA-2009:206 (wget)
Mandrake Security Advisory MDVSA-2009:174 (perl-Compress-Raw-Zlib)

Take action and discover your vulnerabilities