Hi everyone,
Thanks to Randy Smith, Christian Estan, and Somesh Jha of the University
of Wisconsin-Madison for reporting the Rule Matching Backtrack Denial of
Service Vulnerability. This issue was fixed in v2.6.1. We recommend
users update to the current release 2.6.1.2
There seems to be some confusion over whether or not the current release
is vulnerable. Some users reported seeing published information where
v2.6.1 appeared vulnerable. We looked into the reports and found that
it is simply an unusual way that Security Focus displays version
numbers. In the 4 digit format they use a space in place of a 0, ie.
where it the entry lists " 2.6. 1" the version number should read 2.6.0.1.
Bugtraq information is located at: http://www.securityfocus.com/bid/21991
--
Mike Guiterman
Snort Community Manager
Sourcefire, Inc.
mguiterman@sourcefire.com
(410)423-1930
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
|