Bug 42287 (CVE-2003-0033)

Summary: VUL-0: CVE-2003-0033: snort vulnerability not fixed in patch-7330 (CAN-2003-0033)
Product: [Novell Products] SUSE Security Incidents Reporter: Ademar de Souza Reis Jr. <ademar>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: meissner
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: CVE-2003-0033: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Ademar de Souza Reis Jr. 2003-06-07 01:04:19 UTC 
There's no reference to CAN-2003-0033 in the latest released snort fix
(snort-1.8.7b128-224).

I haven't checked the code in detail becase I don't know exactly what to look
for :) - we didn't release a patched snort for this vulnerability, we just
bumped snort to 1.9.1.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0033
http://www.kb.cert.org/vuls/id/916785
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000613&idioma=en

"""
Any version starting with version 1.8 to those before 2003-03-03 1PM/
US/Eastern including 1.9.0 and CVS HEAD (Snort 2.0beta)

A buffer overflow has been found in the snort RPC normalization
routines by ISS X-Force.  This can cause snort to execute arbitrary
code embedded within sniffed network packets. This preprocessor is
enabled by default.
"""
Comment 1 Lars Müller 2003-06-10 17:28:59 UTC 
Add Klaus to inform him.
Comment 2 Klaus Singvogel 2003-06-10 20:43:27 UTC 
Fixes are already made for old SuSE distributions. 
Don't know, if released.  --> security-team assigned.
Comment 3 Ademar de Souza Reis Jr. 2003-06-13 21:55:34 UTC 
Could anyone please inform the status of this ticket?

I have the UL snort announcement pending because of this vuln
(I don't want to release the snort announcement without fixing this).

Thanks.
Comment 4 Klaus Singvogel 2003-06-17 21:02:54 UTC 
After short discussion with krahmer@suse.de we found another problem. 
Patches are made and importated to src trees of SL: 7.2, 7.3, 8.0, 8.1
Comment 5 Ademar de Souza Reis Jr. 2003-06-17 21:07:34 UTC 
Could you please describe what this "another problem" is? Was it discovered by
you or is it documented somewhere?
Comment 6 Klaus Singvogel 2003-06-17 21:57:15 UTC 
I first thought that this is the stream4 processor problem (-> bugzilla#26790), but detected that 
there exists a security, which affects the rpc code either. This has been fixed now. 
 
Documentation will, as always :-),  be found in the snort.spm (in the spec file). :-)
Comment 7 Ademar de Souza Reis Jr. 2003-06-17 22:24:40 UTC 
"I first thought that this is the stream4 processor problem (-> bugzilla#26790),
but detected that there exists a security, which affects the rpc code either.
This has been fixed now."

That is exactly what I have reported (see my original post).

I was concerned about you saying "another problem", but now I understand there's
no "another problem" :-). And no, I can't download the snort.src.rpm until it's
available in the UL repository :-). And yes, I would have to know if there's
another vulnerability in snort before it's available for download :-).
Comment 8 Klaus Singvogel 2003-06-17 22:32:37 UTC 
I'm sorry about my misunderstanding.
Comment 9 Thomas Biege 2003-07-07 14:39:14 UTC 
new packages are out now
Comment 10 Thomas Biege 2009-10-13 19:35:01 UTC 
CVE-2003-0033: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)