On Fri, 25 Apr 2003 10:19:59 +0100, David Ramsden wrote:

>Noticed on vil.mcafee.com that a proof of concept exploit for Snort to
>exploit the vuln. found in v1.8 through to 1.9.1.
[...]
>What's the status of a patch from Debian Security? No DSA yet either.
>I know this has been brought up a few times already but now an exploit
>exists in the wild.

David, you probably want to look at
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=173254
which I submitted after a previous discussion on this list (December 2002) about problems with the Debian stable Snort package being out of date.

The general consensus of opinion (including the Debian packager) was that *nobody* should even consider using the V1.8.4 Snort package in Woody - it's much too old, and has a number of security issues.

Most people's advice was to stop using the Debian package, and instead download & compile the latest source from www.snort.org, and keep tracking new releases from there - and get signature updates from there as well. This is what I do now.

Some people think Snort should actually be removed from the Debian package collection, because it will always drift seriously out of date over time, and because there's no easy way to incorporate up-to-date signatures (rules) into Debian.

Cheers,
Nick Boyce
Bristol, UK
--
Boycott Amazon till they relent on the 1-click software patent - http://www.gnu.org/philosophy/amazon.html