From 0519551e56fd1dedcb1fd923bff7785052be1e96 Mon Sep 17 00:00:00 2001 
From: salo Date: Wed, 16 Apr 2003 06:37:19 +0000 Subject: Updated to version 2.0.0. IMPORTANT: This version fixes remotely exploitable heap overflow in the stream4 preprocessor module. Advisory: http://www.coresecurity.com/common/showdoc.php?idx=313&idxseccion=10 Changes: 2.0.0: ====== - Enhanced high-performance detection engine - Stateful Pattern Matching - New detection keywords: byte_test & byte_jump - The Snort code base has undergone an external third party professional security audit funded by Sourcefire (http://www.sourcefire.com) - Many new and updated rules - snort.conf has been updated - Enhancements to self preservation mechanisms in stream4 and frag2 - State tracking fixes in stream4 - New HTTP flow analyzer - Enhanced protocol decoding (TCP options, 802.1q, etc) - Enhanced protocol anomaly detection (IP, TCP, UDP, ICMP, RPC, HTTP, etc) - Enhanced flexresp mode for real-time TCP session sniping - Better chroot()'ing - Tagging system updated - Several million bugs addressed.... - Updated FAQ (thanks to Erek Adams and Dragos Ruiu) Snort 2.0 can be downloaded at http://www.snort.org/dl/snort-2.0.0.tar.gz. Binary versions of the codebase will be built over the next several days and made available at here. 
2.0.rc4: ======== - byte_jump/byte_test don't force relative content options - byte_jump/byte_test absolute offsets work - Better FIN handling in Stream4 2.0.rc3: ======== - A low memory usage detection method (enabled via "config detection: search-method lowmem") - Moved the default unix socket location to LOGDIR 2.0.rc2: ======== - syslog should work on win32 and unix - major tagging updates - new UDP decoding alerts - snort.conf updates 2.0.rc1: ======== - Higher performance (due to a new pattern matcher and rebuilt detection engine) - Better decoders - Enhanced stream reassembly and defragmentation - Tons of bug fixes - Updated rules - Updated snort.conf - New detection keywords (byte_test, byte_jump, distance, within) & stateful pattern matching - New HTTP flow analyzer - Enhanced anomaly detection (HTTP, RPC, TCP, IP, etc) - Better self preservation in stateful subsystems - Xrefs fixed - Flexresp works faster and more effectively - Better chroot()'ing - Fixed 802.1q decoding - Better async state handling - New alerting option: -A cmg!!
---
 net/snort/Makefile.common | 20 ++++++++------------
 net/snort/PLIST | 9 +++------
 net/snort/distinfo | 12 ++++++------
 net/snort/patches/patch-aa | 16 ++++++++--------
 net/snort/patches/patch-ad | 20 ++++++++++----------
 net/snort/patches/patch-ae | 10 +++++-----
 6 files changed, 40 insertions(+), 47 deletions(-)
(limited to 'net')
diff --git a/net/snort/Makefile.common b/net/snort/Makefile.common
index 697169dcfc8..858d2790380 100644
--- a/net/snort/Makefile.common
+++ b/net/snort/Makefile.common
@@ -1,21 +1,17 @@
-# $NetBSD: Makefile.common,v 1.7 2003/03/04 01:02:25 salo Exp $
+# $NetBSD: Makefile.common,v 1.8 2003/04/16 06:37:19 salo Exp $
 #
-DISTNAME= snort-1.9.1
+DISTNAME= snort-2.0.0
 CATEGORIES= net security
-MASTER_SITES= http://www.snort.org/releases/ \
+MASTER_SITES= http://www.snort.org/dl/ \
 ftp://the.wiretapped.net/pub/security/network-intrusion-detection/snort/ \
- http://www.centus.com/snort/ \
- http://snort.whitehats.com/ \
- http://snort.safenetworks.com/ \
- ftp://gd.tuwien.ac.at/infosys/security/snort/ \
- http://snort.sourcefire.com/releases/
+ ftp://gd.tuwien.ac.at/infosys/security/snort/dl/
-MAINTAINER= packages@netbsd.org
+MAINTAINER= salo@netbsd.org
 HOMEPAGE= http://www.snort.org/
-USE_PKGINSTALL= YES
-GNU_CONFIGURE= YES
+USE_PKGINSTALL= YES
+GNU_CONFIGURE= YES
 CONFIGURE_ARGS+= --with-libpcap-includes=${BUILDLINK_PREFIX.libpcap}/include
 CONFIGURE_ARGS+= --with-libpcap-libraries=${BUILDLINK_PREFIX.libpcap}/lib
@@ -56,7 +52,7 @@ post-install:
 done
 ${INSTALL_DATA_DIR} ${PREFIX}/share/snort/rules
 cd ${WRKSRC}/etc ; \
- for i in *.map *.txt sid ; do \
+ for i in *.map sid ; do \
 ${INSTALL_DATA} $$i ${PREFIX}/share/snort/rules ; \
 done
 cd ${WRKSRC}/rules ; \
diff --git a/net/snort/PLIST b/net/snort/PLIST
index c24cb079597..571c2fabcdf 100644
--- a/net/snort/PLIST
+++ b/net/snort/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.8 2003/03/04 01:02:25 salo Exp $
+@comment $NetBSD: PLIST,v 1.9 2003/04/16 06:37:19 salo Exp $
 bin/snort
 etc/rc.d/snort
 man/man8/snort.8
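Review bot: The new `MASTER_SITES` entries in the first Makefile.common hunk are all plain `http://` and `ftp://` URLs, so nothing on the fetch path authenticates the distfile. The only integrity check visible in this commit is the `SHA1` and `Size` pair recorded for `snort-2.0.0.tar.gz` in the distinfo hunk. A comment above the list would make that dependency explicit, for example `# Distfile is fetched over unauthenticated HTTP/FTP; integrity rests on the digests in distinfo.` A second, stronger digest line in distinfo alongside the SHA1 would also reduce reliance on a single hash, if the pkgsrc tooling in use supports one.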
@@ -11,19 +11,16 @@ share/doc/snort/NEWS
 share/doc/snort/README
 share/doc/snort/README.FLEXRESP
 share/doc/snort/README.PLUGINS
-share/doc/snort/README.SNMP
 share/doc/snort/README.csv
 share/doc/snort/README.database
-share/doc/snort/README.xml
 share/doc/snort/RULES.todo
 share/doc/snort/SnortUsersManual.pdf
 share/doc/snort/TODO
 share/doc/snort/USAGE
+share/doc/snort/snortman.tex
 share/examples/snort/classification.config
 share/examples/snort/reference.config
 share/examples/snort/snort.conf.default
-share/snort/rules/SnortCommonMIB.txt
-share/snort/rules/SnortIDAlertMIB.txt
 share/snort/rules/attack-responses.rules
 share/snort/rules/backdoor.rules
 share/snort/rules/bad-traffic.rules
@@ -76,6 +73,6 @@ share/snort/rules/web-misc.rules
 share/snort/rules/web-php.rules
 share/snort/rules/x11.rules
 @dirrm share/snort/rules
+@dirrm share/snort
 @dirrm share/examples/snort
 @dirrm share/doc/snort
-@dirrm share/snort
diff --git a/net/snort/distinfo b/net/snort/distinfo
index 362518d1e9a..bd415f70140 100644
--- a/net/snort/distinfo
+++ b/net/snort/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.14 2003/03/04 01:02:25 salo Exp $
+$NetBSD: distinfo,v 1.15 2003/04/16 06:37:19 salo Exp $
-SHA1 (snort-1.9.1.tar.gz) = a176beab3cac249da491d81081c0ca6d82fd405a
-Size (snort-1.9.1.tar.gz) = 1466151 bytes
-SHA1 (patch-aa) = ce6d9a13823dd1ca25a0ff250a3e134f71227ca4
+SHA1 (snort-2.0.0.tar.gz) = 1fdb5656b7a84439da0cd9118f5a977098f0652b
+Size (snort-2.0.0.tar.gz) = 1556540 bytes
+SHA1 (patch-aa) = 8cb1b83611eb6cf82197c9b27b91d967bfd4fcd7
 SHA1 (patch-ab) = 0ea7deb91de5d3d68558a30e80dcbd8bd81f8a5e
 SHA1 (patch-ac) = 6cdf26fcaeb8dad9cd9562b77377bd56b49c9f38
-SHA1 (patch-ad) = 5472fc78db0c0668a1d8ff8f1c66eee6ba7f6a7e
-SHA1 (patch-ae) = b402289267cebc0721104c6e8c8f7ce6a6b11a59
+SHA1 (patch-ad) = 6853a0e7105e97089bbee8a8abb535cef9f905f1
+SHA1 (patch-ae) = 5a5123c5352e87650a4ce91123a196c576f37ea8
diff --git a/net/snort/patches/patch-aa b/net/snort/patches/patch-aa
index 3eaf24c2739..24f19f28302 100644
--- a/net/snort/patches/patch-aa +++ b/net/snort/patches/patch-aa @@ -1,8 +1,8 @@ -$NetBSD: patch-aa,v 1.8 2002/10/13 04:42:13 hubertf Exp $ +$NetBSD: patch-aa,v 1.9 2003/04/16 06:37:20 salo Exp $ ---- src/snort.c.orig Wed Sep 25 21:56:53 2002 -+++ src/snort.c -@@ -1437,6 +1437,19 @@ +--- src/snort.c.orig 2003-04-03 23:10:52.000000000 +0200 ++++ src/snort.c 2003-04-16 08:03:06.000000000 +0200 +@@ -1355,6 +1355,19 @@ break; @@ -22,12 +22,12 @@ $NetBSD: patch-aa,v 1.8 2002/10/13 04:42:13 hubertf Exp $ case DLT_PPP: /* point-to-point protocol */ if(!pv.readmode_flag) { -@@ -2193,7 +2206,7 @@ +@@ -1729,7 +1742,7 @@ + { struct stat st; - int found; int i; - char *conf_files[]={"/etc/snort.conf", "./snort.conf", NULL}; + char *conf_files[]={ PREFIX "/etc/snort.conf", "./snort.conf", NULL}; char *fname = NULL; - char *home_dir; - char *tmp; + char *home_dir = NULL; + char *rval = NULL; diff --git a/net/snort/patches/patch-ad b/net/snort/patches/patch-ad index 3795b8026e1..e4220a21f69 100644 --- a/net/snort/patches/patch-ad +++ b/net/snort/patches/patch-ad @@ -1,13 +1,13 @@ -$NetBSD: patch-ad,v 1.1 2002/10/13 04:42:13 hubertf Exp $ +$NetBSD: patch-ad,v 1.2 2003/04/16 06:37:20 salo Exp $ ---- src/Makefile.in.orig Sun Oct 13 05:25:01 2002 -+++ src/Makefile.in -@@ -59,7 +59,7 @@ - POST_UNINSTALL = : - host_alias = @host_alias@ - host_triplet = @host@ +--- src/Makefile.in.orig 2003-04-09 18:01:40.000000000 +0200 ++++ src/Makefile.in 2003-04-16 08:07:17.000000000 +0200 +@@ -67,7 +67,7 @@ + PATH_SEPARATOR = @PATH_SEPARATOR@ + AMTAR = @AMTAR@ + AWK = @AWK@ -CC = @CC@ +CC = @CC@ -DPREFIX=\"@prefix@\" - MAKEINFO = @MAKEINFO@ - PACKAGE = @PACKAGE@ - RANLIB = @RANLIB@ + DEPDIR = @DEPDIR@ + + INCLUDES = @INCLUDES@ diff --git a/net/snort/patches/patch-ae b/net/snort/patches/patch-ae index 34d7fe710f5..49b0ca26d84 100644 --- a/net/snort/patches/patch-ae +++ b/net/snort/patches/patch-ae 
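Review bot: The default search list in the second patch-aa hunk still ends with the relative path `"./snort.conf"`, so a Snort started without an explicit configuration file can load whatever `snort.conf` sits in its current working directory. For a sensor that is normally started with elevated privileges, that makes the effective rule set depend on where it was launched. The line appears to be carried over unchanged from the previous revision of the patch, and the function that walks `conf_files` lies outside the hunk, so the lookup order is inferred from the array order. If the package is meant to read only the installed file, the array could be reduced to `char *conf_files[]={ PREFIX "/etc/snort.conf", NULL};`, or the rc.d script could always pass the configuration path explicitly with `-c`.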
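Review bot: Appending `-DPREFIX=\"@prefix@\"` to `CC` in the patch-ad hunk ties a preprocessor define to the compiler variable, so a build that sets `CC` on the make command line loses the define. `src/snort.c` then fails to compile on the `PREFIX "/etc/snort.conf"` line from patch-aa. A define belongs with the preprocessor flags; if the generated `src/Makefile.in` has the usual automake `DEFS = @DEFS@` line, the change could be `DEFS = @DEFS@ -DPREFIX=\"@prefix@\"`, leaving `CC` untouched. Only part of the variable block is visible in this hunk, so the presence of `DEFS` needs checking against the full file.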
@@ -1,7 +1,7 @@ -$NetBSD: patch-ae,v 1.1 2003/03/04 01:02:26 salo Exp $ +$NetBSD: patch-ae,v 1.2 2003/04/16 06:37:20 salo Exp $ ---- etc/snort.conf.orig 2003-02-23 20:29:24.000000000 +0100 -+++ etc/snort.conf 2003-03-04 00:51:11.000000000 +0100 +--- etc/snort.conf.orig 2003-04-03 23:10:50.000000000 +0200 ++++ etc/snort.conf 2003-04-16 08:09:48.000000000 +0200 @@ -99,7 +99,7 @@ var AIM_SERVERS [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24] @@ -9,5 +9,5 @@ $NetBSD: patch-ae,v 1.1 2003/03/04 01:02:26 salo Exp $ -var RULE_PATH ../rules +var RULE_PATH @PREFIX@/share/snort/rules - ################################################### - # Step #2: Configure preprocessors + # Configure the snort decoder: + # ============================ -- cgit v1.2.3