Snort mailing list archives
Re: Is Snort affected ? (CVE-2019-1696, CVE-2019-1704)
From: Vladimir Kunschikov via Snort-devel <snort-devel () lists snort org>
Date: Fri, 24 May 2019 14:36:22 +0300
I’ve googled out the list of ‘bundled components’ of Firepower, got from there affected versions of the snort. https://www.cisco.com/c/en/us/td/docs/security/firepower/compatibility/firepower-compatibility.html#id_34002 seems like you are quite right, At the very least all mentiond versions since 2.9.8 till 2.9.12 are affected. Judging by difference between 2.9.12 and 2.9.13 this vulnerability requires enabled file inspection feature, if I understand correctly. Thanks for the feedback to all from this thread. чт, 23 мая 2019 г. в 19:59, Joel Esler (jesler) <jesler () cisco com>:
I don’t know if we have a list of every version affected. But I would assume anything less than 2.9.13.0 that does SMB parsing should upgrade. -- Joel Esler Manager, Communities Division Cisco Talos Intelligence Group http://www.talosintelligence.com *From: *Vladimir Kunschikov <kunschikov () gmail com> *Date: *Thursday, May 23, 2019 at 3:06 AM *To: *"Joel Esler (jesler)" <jesler () cisco com> *Cc: *Snort User <snort.user () gmail com>, snort-devel < snort-devel () lists snort org> *Subject: *Re: [Snort-devel] Is Snort affected ? (CVE-2019-1696, CVE-2019-1704) Thanks for the notification. Seems like blog post about 2.9.13 was updated and contain message about this vulnerabilities been fixed. Do anybody have some pcap file for the reproduction? Or maybe somewhere does exist some list of Snort versions affected by this vulnerability? https://blog.snort.org/2019/04/snort-29130-has-been-released.html вт, 21 мая 2019 г. в 00:19, Joel Esler (jesler) via Snort-devel < snort-devel () lists snort org>: Thanks, I am in touch with the product team now to clarify and if action is needed, to take action. -- Joel Esler Manager, Communities Division Cisco Talos Intelligence Group http://www.talosintelligence.com *From: *Snort-devel <snort-devel-bounces () lists snort org> on behalf of Snort User via Snort-devel <snort-devel () lists snort org> *Reply-To: *Snort User <snort.user () gmail com> *Date: *Monday, May 20, 2019 at 10:40 AM *To: *snort-devel <snort-devel () lists snort org> *Subject: *[Snort-devel] Is Snort affected ? (CVE-2019-1696, CVE-2019-1704) Hi https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-frpwr-smb-snort In the above report, I saw - "These vulnerabilities may also affect the open-source Snort project. For more information, see the Snort website <https://www.snort.org/>." However, I did not see any information on the website (or I missed it) I could not find any relevant info in the ChangeLog of the most recent release. Can anyone provide any details or info on this? - Is Snort affected? How? - Which versions? Is a patch available? etc _______________________________________________ Snort-devel mailing list Snort-devel () lists snort org https://lists.snort.org/mailman/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
_______________________________________________ Snort-devel mailing list Snort-devel () lists snort org https://lists.snort.org/mailman/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Is Snort affected ? (CVE-2019-1696, CVE-2019-1704) Snort User via Snort-devel (May 20)
- Re: Is Snort affected ? (CVE-2019-1696, CVE-2019-1704) Joel Esler (jesler) via Snort-devel (May 20)
- Re: Is Snort affected ? (CVE-2019-1696, CVE-2019-1704) Joel Esler (jesler) via Snort-devel (May 23)
- Re: Is Snort affected ? (CVE-2019-1696, CVE-2019-1704) Snort User via Snort-devel (May 23)
- Re: Is Snort affected ? (CVE-2019-1696, CVE-2019-1704) Joel Esler (jesler) via Snort-devel (May 23)
- Re: Is Snort affected ? (CVE-2019-1696, CVE-2019-1704) Joel Esler (jesler) via Snort-devel (May 23)
- Re: Is Snort affected ? (CVE-2019-1696, CVE-2019-1704) Vladimir Kunschikov via Snort-devel (May 23)
- Re: Is Snort affected ? (CVE-2019-1696, CVE-2019-1704) Joel Esler (jesler) via Snort-devel (May 23)
- Re: Is Snort affected ? (CVE-2019-1696, CVE-2019-1704) Vladimir Kunschikov via Snort-devel (May 24)
- Re: Is Snort affected ? (CVE-2019-1696, CVE-2019-1704) Joel Esler (jesler) via Snort-devel (May 20)