karasz
/
package-update
1
0
Fork 0
Code Issues Releases Activity
Browse Source

* updated snort (2.4.4 -> 2.6.1.3) 

* flagged snort NOPARALLEL (this problem is know upstream)
	* removed obsolete patch


git-svn-id: svn://svn.opensde.net/opensde/package/trunk@20190 10447126-35f2-4685-b0cf-6dd780d3921f
early
Christian Wiese 18 years ago
parent
0de5d2e5db
commit
c442de91b0
2 changed files with 8 additions and 197 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 192
      security/snort/CVE-2006-2769.patch
  2. 13
      security/snort/snort.desc

192
security/snort/CVE-2006-2769.patch
Unescape View File

@ -1,192 +0,0 @@
# --- T2-COPYRIGHT-NOTE-BEGIN ---
# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
#
# T2 SDE: package/.../snort/CVE-2006-2769.patch
# Copyright (C) 2006 The T2 SDE Project
#
# More information can be found in the files COPYING and README.
#
# This patch file is dual-licensed. It is available under the license the
# patched project is licensed under, as long as it is an OpenSource license
# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
# of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
# --- T2-COPYRIGHT-NOTE-END ---
diff -Nur snort-2.4.4-orig/src/preprocessors/HttpInspect/client/hi_client.c snort-2.4.4/src/preprocessors/HttpInspect/client/hi_client.c
--- snort-2.4.4-orig/src/preprocessors/HttpInspect/client/hi_client.c 2005-03-16 21:52:18.000000000 +0000
+++ snort-2.4.4/src/preprocessors/HttpInspect/client/hi_client.c 2006-06-02 20:39:43.000000000 +0000
@@ -40,6 +40,7 @@
#define URI_END 1
#define NO_URI -1
+#define CR_IN_URI 18
#define INVALID_HEX_VAL -1
/**
@@ -455,6 +456,11 @@
return URI_END;
}
+ if(isspace(**ptr) )
+ {
+ return CR_IN_URI;
+ }
+
return NO_URI;
}
@@ -1345,8 +1351,21 @@
*/
break;
}
+ else if(iRet == CR_IN_URI)
+ {
+ if(hi_eo_generate_event(Session,ServerConf->non_std_cr.alert))
+ {
+ hi_eo_client_event_log(Session,ServerConf->non_std_cr.alert,
+ NULL, NULL);
+ }
+ break;
+ }
+
+
+
else /* NO_URI */
{
+
/*
** Check for chunk encoding, because the delimiter can
** also be a space, which would look like a pipeline request
diff -Nur snort-2.4.4-orig/src/preprocessors/HttpInspect/event_output/hi_eo_log.c snort-2.4.4/src/preprocessors/HttpInspect/event_output/hi_eo_log.c
--- snort-2.4.4-orig/src/preprocessors/HttpInspect/event_output/hi_eo_log.c 2004-03-11 22:25:53.000000000 +0000
+++ snort-2.4.4/src/preprocessors/HttpInspect/event_output/hi_eo_log.c 2006-06-02 20:39:43.000000000 +0000
@@ -64,7 +64,9 @@
{HI_EO_CLIENT_PROXY_USE, HI_EO_LOW_PRIORITY,
HI_EO_CLIENT_PROXY_USE_STR },
{HI_EO_CLIENT_WEBROOT_DIR, HI_EO_HIGH_PRIORITY,
- HI_EO_CLIENT_WEBROOT_DIR_STR }
+ HI_EO_CLIENT_WEBROOT_DIR_STR },
+ { HI_EO_CLIENT_CR_IN_URI, HI_EO_MED_PRIORITY,
+ HI_EO_CLIENT_CR_IN_URI_STR },
};
static HI_EVENT_INFO anom_server_event_info[HI_EO_ANOM_SERVER_EVENT_NUM] = {
diff -Nur snort-2.4.4-orig/src/preprocessors/HttpInspect/include/hi_eo_events.h snort-2.4.4/src/preprocessors/HttpInspect/include/hi_eo_events.h
--- snort-2.4.4-orig/src/preprocessors/HttpInspect/include/hi_eo_events.h 2004-03-11 22:25:53.000000000 +0000
+++ snort-2.4.4/src/preprocessors/HttpInspect/include/hi_eo_events.h 2006-06-02 20:39:43.000000000 +0000
@@ -24,13 +24,14 @@
#define HI_EO_CLIENT_LARGE_CHUNK 15 /* done */
#define HI_EO_CLIENT_PROXY_USE 16 /* done */
#define HI_EO_CLIENT_WEBROOT_DIR 17 /* done */
+#define HI_EO_CLIENT_CR_IN_URI 18 /* done */
/*
** IMPORTANT:
** Every time you add a client event, this number must be
** incremented.
*/
-#define HI_EO_CLIENT_EVENT_NUM 18
+#define HI_EO_CLIENT_EVENT_NUM 19
/*
** These defines are the alert names for each event
@@ -71,6 +72,8 @@
"(http_inspect) UNAUTHORIZED PROXY USE DETECTED"
#define HI_EO_CLIENT_WEBROOT_DIR_STR \
"(http_inspect) WEBROOT DIRECTORY TRAVERSAL"
+#define HI_EO_CLIENT_CR_IN_URI_STR \
+ "(http_inspect) NON-STD CARRIAGE RETURN IN URI"
/*
** Anomalous Server Events
diff -Nur snort-2.4.4-orig/src/preprocessors/HttpInspect/include/hi_ui_config.h snort-2.4.4/src/preprocessors/HttpInspect/include/hi_ui_config.h
--- snort-2.4.4-orig/src/preprocessors/HttpInspect/include/hi_ui_config.h 2005-03-16 21:52:18.000000000 +0000
+++ snort-2.4.4/src/preprocessors/HttpInspect/include/hi_ui_config.h 2006-06-02 20:39:43.000000000 +0000
@@ -113,6 +113,7 @@
HTTPINSPECT_CONF_OPT webroot;
HTTPINSPECT_CONF_OPT apache_whitespace;
HTTPINSPECT_CONF_OPT iis_delimiter;
+ HTTPINSPECT_CONF_OPT non_std_cr;
} HTTPINSPECT_CONF;
diff -Nur snort-2.4.4-orig/src/preprocessors/HttpInspect/user_interface/hi_ui_config.c snort-2.4.4/src/preprocessors/HttpInspect/user_interface/hi_ui_config.c
--- snort-2.4.4-orig/src/preprocessors/HttpInspect/user_interface/hi_ui_config.c 2005-03-16 21:52:19.000000000 +0000
+++ snort-2.4.4/src/preprocessors/HttpInspect/user_interface/hi_ui_config.c 2006-06-02 20:39:43.000000000 +0000
@@ -117,6 +117,9 @@
GlobalConf->global_server.non_strict = 1;
+ GlobalConf->global_server.non_std_cr.on = 1;
+ GlobalConf->global_server.non_std_cr.alert = 1;
+
return HI_SUCCESS;
}
@@ -209,6 +212,9 @@
ServerConf->tab_uri_delimiter = 1;
+ ServerConf->non_std_cr.on = 1;
+ ServerConf->non_std_cr.alert = 1;
+
return HI_SUCCESS;
}
@@ -279,6 +285,9 @@
ServerConf->non_strict = 1;
+ ServerConf->non_std_cr.on = 1;
+ ServerConf->non_std_cr.alert = 1;
+
return HI_SUCCESS;
}
@@ -349,6 +358,9 @@
ServerConf->tab_uri_delimiter = 1;
+ ServerConf->non_std_cr.on = 1;
+ ServerConf->non_std_cr.alert = 1;
+
return HI_SUCCESS;
}
diff -Nur snort-2.4.4-orig/src/preprocessors/snort_httpinspect.c snort-2.4.4/src/preprocessors/snort_httpinspect.c
--- snort-2.4.4-orig/src/preprocessors/snort_httpinspect.c 2005-08-23 15:52:19.000000000 +0000
+++ snort-2.4.4/src/preprocessors/snort_httpinspect.c 2006-06-02 20:39:43.000000000 +0000
@@ -134,6 +134,7 @@
#define GLOBAL_ALERT "no_alerts"
#define WEBROOT "webroot"
#define TAB_URI_DELIMITER "tab_uri_delimiter"
+#define NON_STD_CR "non_std_cr"
/*
** Alert subkeywords
@@ -1449,6 +1450,15 @@
return iRet;
}
}
+ else if(!strcmp(NON_STD_CR, pcToken))
+ {
+ ConfOpt = &ServerConf->non_std_cr;
+ if((iRet = ProcessConfOpt(ConfOpt, NON_STD_CR,
+ ErrorString, ErrStrLen)))
+ {
+ return iRet;
+ }
+ }
else if(!strcmp(IIS_BACKSLASH, pcToken))
{
ConfOpt = &ServerConf->iis_backslash;
@@ -1583,6 +1593,7 @@
PrintConfOpt(&ServerConf->webroot, "Web Root Traversal");
PrintConfOpt(&ServerConf->apache_whitespace, "Apache WhiteSpace");
PrintConfOpt(&ServerConf->iis_delimiter, "IIS Delimiter");
+ PrintConfOpt(&ServerConf->non_std_cr, "Non-Std Carriage Return");
if(ServerConf->iis_unicode_map_filename)
{

13
security/snort/snort.desc
Unescape View File

@ -1,7 +1,8 @@
[COPY] --- T2-COPYRIGHT-NOTE-BEGIN ---
[COPY] --- SDE-COPYRIGHT-NOTE-BEGIN ---
[COPY] This copyright note is auto-generated by ./scripts/Create-CopyPatch.
[COPY]
[COPY] T2 SDE: package/.../snort/snort.desc
[COPY] Filename: package/.../snort/snort.desc
[COPY] Copyright (C) 2007 The OpenSDE Project
[COPY] Copyright (C) 2004 - 2006 The T2 SDE Project
[COPY] Copyright (C) 1998 - 2003 Clifford Wolf
[COPY]
@ -11,7 +12,7 @@
[COPY] it under the terms of the GNU General Public License as published by
[COPY] the Free Software Foundation; version 2 of the License. A copy of the
[COPY] GNU General Public License can be found in the file COPYING.
[COPY] --- T2-COPYRIGHT-NOTE-END ---
[COPY] --- SDE-COPYRIGHT-NOTE-END ---
[I] An open source network intrusion detection system
@ -26,10 +27,12 @@
[C] extra/network
[F] NOPARALLEL
[L] GPL
[S] Stable
[V] 2.4.4
[V] 2.6.1.3
[P] X -----5---9 222.000
[D] 561720478 snort-2.4.4.tar.gz http://www.snort.org/dl/current/
[D] 2873477878 snort-2.6.1.3.tar.gz http://www.snort.org/dl/current/
[D] 200629638 snortrules-pr-2.4.tar.gz http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_pr/

Write Preview
Loading…
Cancel
Save