Re: Is Snort affected ? (CVE-2019-1696, CVE-2019-1704)

[Vladimir Kunschikov via Snort-devel <snort-devel () lists snort org>]

I’ve googled out the list of ‘bundled components’ of Firepower, got from
there affected versions of the snort.
https://www.cisco.com/c/en/us/td/docs/security/firepower/compatibility/firepower-compatibility.html#id_34002
seems like you are quite right, At the very least all mentiond versions
since 2.9.8 till 2.9.12 are affected.

Judging by difference between 2.9.12 and 2.9.13 this vulnerability requires
enabled file inspection feature, if I understand correctly.

Thanks for the feedback to all from this thread.

чт, 23 мая 2019 г. в 19:59, Joel Esler (jesler) <jesler () cisco com>:

> I don’t know if we have a list of every version affected.  But I would
> assume anything less than 2.9.13.0 that does SMB parsing should upgrade.
>
>
>
> --
>
> Joel Esler
>
> Manager, Communities Division
>
> Cisco Talos Intelligence Group
>
> http://www.talosintelligence.com
>
>
>
> *From: *Vladimir Kunschikov <kunschikov () gmail com>
> *Date: *Thursday, May 23, 2019 at 3:06 AM
> *To: *"Joel Esler (jesler)" <jesler () cisco com>
> *Cc: *Snort User <snort.user () gmail com>, snort-devel <
> snort-devel () lists snort org>
> *Subject: *Re: [Snort-devel] Is Snort affected ? (CVE-2019-1696,
> CVE-2019-1704)
>
>
>
> Thanks for the notification. Seems like blog post about 2.9.13  was
> updated and contain message about this vulnerabilities been fixed.
>
> Do anybody have some pcap file for the reproduction? Or maybe somewhere
> does exist some list of Snort versions affected by this vulnerability?
>
>
>
>   https://blog.snort.org/2019/04/snort-29130-has-been-released.html
>
>
>
>
>
>
>
> вт, 21 мая 2019 г. в 00:19, Joel Esler (jesler) via Snort-devel <
> snort-devel () lists snort org>:
>
> Thanks,
>
>
>
> I am in touch with the product team now to clarify and if action is
> needed, to take action.
>
>
>
> --
>
> Joel Esler
>
> Manager, Communities Division
>
> Cisco Talos Intelligence Group
>
> http://www.talosintelligence.com
>
>
>
> *From: *Snort-devel <snort-devel-bounces () lists snort org> on behalf of
> Snort User via Snort-devel <snort-devel () lists snort org>
> *Reply-To: *Snort User <snort.user () gmail com>
> *Date: *Monday, May 20, 2019 at 10:40 AM
> *To: *snort-devel <snort-devel () lists snort org>
> *Subject: *[Snort-devel] Is Snort affected ? (CVE-2019-1696,
> CVE-2019-1704)
>
>
>
> Hi
>
>
>
>
> https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-frpwr-smb-snort
>
>
>
> In the above report, I saw -
>
>
>
> "These vulnerabilities may also affect the open-source Snort project. For
> more information, see the Snort website <https://www.snort.org/>."
>
> However, I did not see any information on the website (or I missed it)
>
>
>
> I could not find any relevant info in the ChangeLog of the most recent
> release.
>
>
>
> Can anyone provide any details or info on this?
>
>
>
> - Is Snort affected? How?
>
> - Which versions? Is a patch available? etc
>
> _______________________________________________
> Snort-devel mailing list
> Snort-devel () lists snort org
> https://lists.snort.org/mailman/listinfo/snort-devel
>
> Please visit http://blog.snort.org for the latest news about Snort!
_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!