Bug 129047 (CVE-2005-3252)

Summary: VUL-0: CVE-2005-3252: snort remote buffer overflow in backorifice dissector
Product: [Novell Products] SUSE Security Incidents
Reporter: Marcus Meissner <meissner>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P5 - None
CC: security-team
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard: CVE-2005-3252: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Bug Depends on: 117184
Bug Blocks:

Description Marcus Meissner 2005-10-18 15:06:53 UTC
Hi Klaus, 
 
new snort problem... 
 
 
To: SuSE Security Team <security@suse.de> 
From: CERT Coordination Center <cert@cert.org> 
Cc: CERT Coordination Center <cert@cert.org> 
Subject: [security@suse.de] Vulnerability Notification [VU#175500] - suse 
Errors-To: security-bounces+meissner=suse.de@suse.de 
 
[-- PGP Ausgabe folgt (aktuelle Zeit: Di 18 Okt 2005 17:04:31 CEST) --] 
gpg: Unterschrift vom Di 18 Okt 2005 17:01:09 CEST, RSA Schlüssel ID 8E95B2F1 
gpg: Korrekte Unterschrift von "CERT Coordination Center <cert@cert.org>" 
gpg: Bitte ein --check-trustdb durchführen 
gpg: WARNUNG: Dieser Schlüssel trägt keine vertrauenswürdige Signatur! 
gpg:          Es gibt keinen Hinweis, daß die Signatur wirklich dem 
vorgeblichen Besitzer gehört. 
Haupt-Fingerabdruck  = 64 61 C3 DA 0B 94 91 BF  BE 11 D6 AE 10 7B 3E C7 
gpg: WARNUNG: Botschaft wurde nicht integritätsgeschützt (integrity protected) 
 
[-- Ende der PGP-Ausgabe --] 
 
[-- BEGIN PGP MESSAGE --] 
 
 
Hello Folks, 
 
We've become aware of a buffer overflow in the Snort Back Orifice 
preprocessor that may allow a remote attacker to execute arbitrary 
code. This issue is publicly described at: 
 
   http://www.snort.org/pub-bin/snortnews.cgi#99 
 
In addition, we've published a US-CERT Vulnerability Note to address 
this issue, which is available at: 
 
  http://www.kb.cert.org/vuls/id/175500 
 
We are tracking this issue as VU#175500. Please include that number in 
the subject line of future email regarding this issue. 
 
Please begin to evaluate your products to determine if they are 
affected. If you provide us with a formal vendor statement regarding 
this issue, we will include it in our note. 
 
Thanks, 
 
-Jeff 
 
  [Jeffrey S. Gennari | CERT/CC | 1.412.268.7090 | http://www.cert.org]
Comment 1 Thomas Biege 2005-10-19 14:27:59 UTC
VU#175500
Comment 2 Klaus Singvogel 2005-10-20 13:28:13 UTC
Thanks.
What's the CAN/CVE number?
Comment 3 Marcus Meissner 2005-10-20 13:41:16 UTC
CVE-2005-3252
Comment 4 Klaus Singvogel 2005-10-24 12:55:47 UTC
Fixed packages submitted for all supported distributions: SLES8, 9.0, SLES9, 9.2, 9.3, 10.0 (and all subversions).

security-team: please handle the rest of the process (remember: the fix for bugzilla#117184 is included as well). TIA.
Comment 5 Thomas Biege 2005-11-02 07:59:03 UTC
AFAIK a remote exploit exists in the wild.

Comment 6 Thomas Biege 2005-11-02 10:45:35 UTC
Maintenance-Tracker-2717
Comment 7 Thomas Biege 2005-11-02 10:51:02 UTC
/work/src/done/PATCHINFO/snort.patch.maintained
/work/src/done/PATCHINFO/snort.patch.box
Comment 8 Ludwig Nussel 2005-11-07 12:11:53 UTC
updates released
Comment 9 Thomas Biege 2009-10-13 21:42:20 UTC
CVE-2005-3252: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)