Bug 129047 (CVE-2005-3252) - VUL-0: CVE-2005-3252: snort remote buffer overflow in backorifice dissector
Summary: VUL-0: CVE-2005-3252: snort remote buffer overflow in backorifice dissector
Status: RESOLVED FIXED
Alias: CVE-2005-3252
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P5 - None : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: CVE-2005-3252: CVSS v2 Base Score: 7....
Keywords:
Depends on: 117184
Blocks:
  Show dependency treegraph
 
Reported: 2005-10-18 15:06 UTC by Marcus Meissner
Modified: 2021-11-22 10:23 UTC (History)
1 user (show)

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2005-10-18 15:06:53 UTC 
Hi Klaus, 
 
new snort problem... 
 
 
To: SuSE Security Team <security@suse.de> 
From: CERT Coordination Center <cert@cert.org> 
Cc: CERT Coordination Center <cert@cert.org> 
Subject: [security@suse.de] Vulnerability Notification [VU#175500] - suse 
Errors-To: security-bounces+meissner=suse.de@suse.de 
 
[-- PGP Ausgabe folgt (aktuelle Zeit: Di 18 Okt 2005 17:04:31 CEST) --] 
gpg: Unterschrift vom Di 18 Okt 2005 17:01:09 CEST, RSA Schlüssel ID 8E95B2F1 
gpg: Korrekte Unterschrift von "CERT Coordination Center <cert@cert.org>" 
gpg: Bitte ein --check-trustdb durchführen 
gpg: WARNUNG: Dieser Schlüssel trägt keine vertrauenswürdige Signatur! 
gpg:          Es gibt keinen Hinweis, daß die Signatur wirklich dem 
vorgeblichen Besitzer gehört. 
Haupt-Fingerabdruck  = 64 61 C3 DA 0B 94 91 BF  BE 11 D6 AE 10 7B 3E C7 
gpg: WARNUNG: Botschaft wurde nicht integritätsgeschützt (integrity protected) 
 
[-- Ende der PGP-Ausgabe --] 
 
[-- BEGIN PGP MESSAGE --] 
 
 
Hello Folks, 
 
We've become aware of a buffer overflow in the Snort Back Orifice 
preprocessor that may allow a remote attacker to execute arbitrary 
code. This issue is publicly described at: 
 
   http://www.snort.org/pub-bin/snortnews.cgi#99 
 
In addition, we've published a US-CERT Vulnerability Note to address 
this issue, which is available at: 
 
  http://www.kb.cert.org/vuls/id/175500 
 
We are tracking this issue as VU#175500. Please include that number in 
the subject line of future email regarding this issue. 
 
Please begin to evaluate your products to determine if they are 
affected. If you provide us with a formal vendor statement regarding 
this issue, we will include it in our note. 
 
Thanks, 
 
-Jeff 
 
  [Jeffrey S. Gennari | CERT/CC | 1.412.268.7090 | http://www.cert.org]
Comment 1 Thomas Biege 2005-10-19 14:27:59 UTC 
VU#175500
Comment 2 Klaus Singvogel 2005-10-20 13:28:13 UTC 
Thanks.
What's the CAN/CVE number?
Comment 3 Marcus Meissner 2005-10-20 13:41:16 UTC 
CVE-2005-3252
Comment 4 Klaus Singvogel 2005-10-24 12:55:47 UTC 
Fixed packages submitted for all supported distris: SLES8, 9.0, SLES9, 9.2, 9.3, 10.0 (and all subversions).

security-team: please handle rest of process (remember: fix for bugzilla#117184 is included either). TIA.
Comment 5 Thomas Biege 2005-11-02 07:59:03 UTC 
AFAIK a remote exploit exists in the wild.
Comment 6 Thomas Biege 2005-11-02 10:45:35 UTC 
Maintenance-Tracker-2717
Comment 7 Thomas Biege 2005-11-02 10:51:02 UTC 
/work/src/done/PATCHINFO/snort.patch.maintained
/work/src/done/PATCHINFO/snort.patch.box
Comment 8 Ludwig Nussel 2005-11-07 12:11:53 UTC 
updates released
Comment 9 Thomas Biege 2009-10-13 21:42:20 UTC 
CVE-2005-3252: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)