* Steve Kemp
| (Essentially apt-get + apt-cache for snort rules. Clearly packaging a
| single rule file within one package is a gross misuse of resources but
| it might be sufficient if they were signed and hosted somewhere
| sensible..)
They could all be packaged into a single package
Quoting Javier Fernández-Sanguino Peña ([EMAIL PROTECTED]):
> > [Short version: see the patch below.]
> (after a few days w/o answers from Snort's maintainer)
> Sander, any comments wrt to this patch? Please at least say whether you are
> going to forward this to Snort maintainers or use it in
On Tue, Aug 26, 2003 at 01:29:31AM +0200, Javier Fernández-Sanguino Peña wrote:
> [Short version: see the patch below.]
(after a few days w/o answers from Snort's maintainer)
Sander, any comments wrt to this patch? Please at least say whether you are
going to forward this to Snort maintainers
On Wed, Aug 27, 2003 at 12:06:15AM -0400, Matt Zimmerman wrote:
> > Well, _something_ threw dpkg off, because it doesn't always prompt
> > erroneously. Trouble is, we are never able to locate the culprit... :(
>
> http://bugs.debian.org/108587
>
> lists some situations where this can happen.
Ah,
On Wed, Aug 27, 2003 at 05:47:12AM +0200, Josip Rodin wrote:
> Well, _something_ threw dpkg off, because it doesn't always prompt
> erroneously. Trouble is, we are never able to locate the culprit... :(
http://bugs.debian.org/108587
lists some situations where this can happen.
--
- mdz
On Mon, Aug 25, 2003 at 11:00:06AM -0500, Adam Heath wrote:
> > > > I've upgraded to this version and it has required me to press y to
> > > > replace
> > > > modified conffiles in /etc/snort/rules/ about two dozen times, while I'm
> > > > pretty sure I never touched any of them. That's a pretty
Andreas Barth wrote:
> * Marc Haber ([EMAIL PROTECTED]) [030826 16:05]:
>>deb http://people.debian.org/~zugschlus/clamav-data/ /
> Add a debconf-question about adding this to sources.list?
Maybe README.Debian is better. In addition one might add a reference to
README.Debian to error messages compla
On Tue, 26 Aug 2003 16:10:36 +0200, Andreas Barth
<[EMAIL PROTECTED]> wrote:
>* Marc Haber ([EMAIL PROTECTED]) [030826 16:05]:
>> And daily, untested packages are built automatically on gluck and are
>> aptable from
>>
>> deb http://people.debian.org/~zugschlus/clamav-data/ /
>
>Add a debconf-ques
* Marc Haber ([EMAIL PROTECTED]) [030826 16:05]:
> On Mon, 25 Aug 2003 09:24:41 +0200, Magnus Ekdahl <[EMAIL PROTECTED]>
> wrote:
> >For users without an internet connection Marc Haber maintains the
> >clamav-data package which includes a static database. As well as the
> >clamav-getfiles package
On Tue, Aug 26, 2003 at 11:07:00AM -0400, Matt Zimmerman wrote:
> On Mon, Aug 25, 2003 at 09:04:08AM -0600, Jamin W. Collins wrote:
> >
> > Actually that's not true, as an example I refer you to SSH.
>
> A stunning example of what a terrible idea it is to do this.
Never said it was a good idea,
On Tue, Aug 26, 2003 at 11:40:10AM +0200, Sander Smeenk wrote:
> Quoting Matt Zimmerman ([EMAIL PROTECTED]):
> > What are these bugs exactly?
>
> If I recall correctly, it was two memory allocation faults in the RPC
> code, and one in the fragmented packet reassembly code.
I assumed that you wer
On Tue, Aug 26, 2003 at 12:46:45AM +0200, Sander Smeenk wrote:
> Let's first start by telling that my backported packages never made it
> to security updates that every good stable user should have in their apt
> sources. The DSA just pointed users who actually read it to my p.d.o.
> site.
Would
On Mon, Aug 25, 2003 at 10:29:30AM +0200, Sander Smeenk wrote:
> Quoting Jamin W. Collins ([EMAIL PROTECTED]):
>
> > > Before you object to this rather 'rude' bughandling, please keep in
> > > mind that version 1.8.4 of snort, which is in stable, has 3 severe
> > > security exploits,
> > So, why
On Tue, Aug 26, 2003 at 12:24:11AM +0200, Sander Smeenk wrote:
> This problem only exists for snort packages that aren't going to be
> updated, like the ones that reach stable. The unstable package is up to
> date enough to have all correct rules, imho.
>
> The other thing is, snort.org's people
On Mon, Aug 25, 2003 at 12:11:07PM -0400, Noah L. Meyerhans wrote:
> No. New attacks represent security threats. Old attacks represent
> curiosities, at best (i.e. have you seen any Redhat 6.2 rpc.statd attacks
> lately?)
>
> An intrusion detection system that can not detect known intrusions is
On Sun, Aug 24, 2003 at 08:59:06AM -0600, Jamin W. Collins wrote:
> On Sun, Aug 24, 2003 at 03:57:45PM +0200, Sander Smeenk wrote:
> >
> > Before you object to this rather 'rude' bughandling, please keep in
> > mind that version 1.8.4 of snort, which is in stable, has 3 severe
> > security exploi
On Mon, Aug 25, 2003 at 10:28:18AM +0200, Sander Smeenk wrote:
> Quoting Josip Rodin ([EMAIL PROTECTED]):
>
> > Oh and it didn't even want to start properly -- and the init script wasn't
> > even so kind to tell me, I had to learn from syslog that
> > Aug 24 16:57:23 hostname snort: FATAL ERROR:
On Mon, Aug 25, 2003 at 09:04:08AM -0600, Jamin W. Collins wrote:
> On Mon, Aug 25, 2003 at 10:19:55AM +0200, Sander Smeenk wrote:
> > We've been over this in debian-security before. I fixed the 1.8.4
> > package once, it got rejected, and I tried to have 2.0.x installed in
> > Stable, but ofcours
On Mon, 25 Aug 2003 09:24:41 +0200, Magnus Ekdahl <[EMAIL PROTECTED]>
wrote:
>For users without an internet connection Marc Haber maintains the
>clamav-data package which includes a static database. As well as the
>clamav-getfiles package to update it from a computer with internet access.
And da
Quoting Matt Zimmerman ([EMAIL PROTECTED]):
> > I'm about to close 95153, 133049, 158040, 16, 170580, 173331, 176223,
> > 135603, 161659, 165107, 165135, 165351, 171190, 172529, 173663, 174506,
> > 174508, 174509, 192401, 193544, 101725, 122689, 159575, 165126, 182280,
> > and 189780 with a nic
Quoting Matt Zimmerman ([EMAIL PROTECTED]):
> > That's for Martin Schulze (Joey - Stable Release Manager) and/or the
> > security
> > team to decide; not ftpmaster.
> A quick scan of those bugs doesn't reveal anything which looks like a
> security vulnerability, so this would seem to be purely an
On Sun, Aug 24, 2003 at 03:57:45PM +0200, Sander Smeenk wrote:
> I'm about to close 95153, 133049, 158040, 16, 170580, 173331, 176223,
> 135603, 161659, 165107, 165135, 165351, 171190, 172529, 173663, 174506,
> 174508, 174509, 192401, 193544, 101725, 122689, 159575, 165126, 182280,
> and 18978
On Mon, Aug 25, 2003 at 02:17:51AM +1000, Anthony Towns wrote:
> That's for Martin Schulze (Joey - Stable Release Manager) and/or the security
> team to decide; not ftpmaster.
A quick scan of those bugs doesn't reveal anything which looks like a
security vulnerability, so this would seem to be pu
On Tue, Aug 26, 2003 at 12:46:45AM +0200, Sander Smeenk wrote:
> Quoting Drew Scott Daniels ([EMAIL PROTECTED]):
> > Imho it's ok to close non-rc bugs on stable (main Debian developers do).
> > My rationale is that we only fix RC bugs on stable.
>
> It also has an 'archival' kind of function where
Quoting Drew Scott Daniels ([EMAIL PROTECTED]):
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=183719 and bug 189267
> say:
> DSA 297 closes these bugs. It may be worth noting that potato was not
> affected.
> What other security issues are there?
Let's first start by telling that my back
Quoting Javier Fernández-Sanguino Peña ([EMAIL PROTECTED]):
> > Thus, it can't detect potentially harmful traffic.
> That's not correct, it cannot detect _new_ potentially harmful traffic.
> There's quite a lot of potentially harmful traffic (stable) snort can
> detect. The fact that it's not up
On Tue, Aug 26, 2003 at 12:24:11AM +0200, Sander Smeenk wrote:
> > Really, the way to fix this package X needs data Y to be up-to-date is to:
> > a) separate data from the package (Nessus plugins are available in the
> > 'nessus-plugins' package and can be updated separately, for example)
>
> sno
In response to several issues raised...
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=191105
Not having updated signatures is not an issue that should keep snort out
of stable as administrators may write their own signatures for snort.
Perhaps however a wishlist bug asking for a comment
On Mon, Aug 25, 2003 at 12:11:07PM -0400, Noah L. Meyerhans wrote:
>
> If you have a specific policy that allows you to only be interested in
> ancient attacks, good for you. We cannot expect our users to be in such
> a position.
Maybe you are not interested in new attacks (say, about a year old
On Mon, Aug 25, 2003 at 01:56:40PM +0200, Javier Fernández-Sanguino Peña wrote:
> That's not correct, it cannot detect _new_ potentially harmful traffic.
> There's quite a lot of potentially harmful traffic (stable) snort can
> detect. The fact that it's not up-to-date does not mean that it's us
On Mon, 25 Aug 2003, Josip Rodin wrote:
> On Mon, Aug 25, 2003 at 10:25:28AM +0200, Sander Smeenk wrote:
> > > I've upgraded to this version and it has required me to press y to replace
> > > modified conffiles in /etc/snort/rules/ about two dozen times, while I'm
> > > pretty sure I never touched
On Mon, Aug 25, 2003 at 12:46:27PM +0100, Colin Watson wrote:
>
> Considering the disaster that the openssh update to potato was, and the
> bugs it caused, I'm not sure that that's a good example to bring up if
> you're *advocating* upgrading a package to a new upstream version ...
Well, I was re
Sander Smeenk wrote:
> I'm about to close 95153, 133049, 158040, 16, 170580, 173331, 176223,
> 135603, 161659, 165107, 165135, 165351, 171190, 172529, 173663, 174506,
> 174508, 174509, 192401, 193544, 101725, 122689, 159575, 165126, 182280,
> and 189780 with a nice message telling that the bug
On Mon, Aug 25, 2003 at 10:19:55AM +0200, Sander Smeenk wrote:
>
> The problem is that the buglist I'm having on snort now, consists of
> mainly bugs filed on the stable package of snort, which has been long
> solved in the later releases of snort that didn't make it in the
> release of Debian.
S
On Mon, Aug 25, 2003 at 01:37:03PM +0200, Javier Fernández-Sanguino Peña wrote:
> On Mon, Aug 25, 2003 at 10:19:55AM +0200, Sander Smeenk wrote:
> > We've been over this in debian-security before. I fixed the 1.8.4
> > package once, it got rejected, and I tried to have 2.0.x installed in
> > Stable
On Sun, Aug 24, 2003 at 07:32:10PM -0400, Noah L. Meyerhans wrote:
>
> Snort depends on a set of rules to detect potentially malicious traffic.
> Obviously this set of rules needs to be updated on a regular basis in
> order to keep up with new security issues. The problem is that the
> version of
On Sun, Aug 24, 2003 at 10:02:02PM -0400, Noah L. Meyerhans wrote:
>
> I can think off-hand of at least one other security related tool that
> needs frequent updating of a ruleset: nessus. It is an active probing
> tool that scans a network for vulnerable systems. If it doesn't have a
> current
On Mon, Aug 25, 2003 at 10:19:55AM +0200, Sander Smeenk wrote:
> Quoting Javier Fernández-Sanguino Peña ([EMAIL PROTECTED]):
>
(...)
> It's annoying now, to see what bugs really are bugs, and what are bugs
You mean "are bugs related to the latest version" instead of "really are
bugs".
> filed
Quoting Sander Smeenk ([EMAIL PROTECTED]):
> Hi,
>
> I'm about to close 95153, 133049, 158040, 16, 170580, 173331, 176223,
> 135603, 161659, 165107, 165135, 165351, 171190, 172529, 173663, 174506,
> 174508, 174509, 192401, 193544, 101725, 122689, 159575, 165126, 182280,
> and 189780 with a nic
On Sun, Aug 24, 2003 at 10:02:02PM -0400, Noah L. Meyerhans wrote:
> I can think off-hand of at least one other security related tool that
> needs frequent updating of a ruleset: nessus. It is an active probing
> tool that scans a network for vulnerable systems. If it doesn't have a
> current set
Quoting Josip Rodin ([EMAIL PROTECTED]):
> > > I've upgraded to this version and it has required me to press y to replace
> > > modified conffiles in /etc/snort/rules/ about two dozen times, while I'm
> > > pretty sure I never touched any of them. That's a pretty impressive
> > > amount
> > > of
Quoting Jamin W. Collins ([EMAIL PROTECTED]):
> > Before you object to this rather 'rude' bughandling, please keep in
> > mind that version 1.8.4 of snort, which is in stable, has 3 severe
> > security exploits,
> So, why hasn't a security update been released for it?
There has been a DSA about
On Mon, Aug 25, 2003 at 10:25:28AM +0200, Sander Smeenk wrote:
> > I've upgraded to this version and it has required me to press y to replace
> > modified conffiles in /etc/snort/rules/ about two dozen times, while I'm
> > pretty sure I never touched any of them. That's a pretty impressive amount
Quoting Josip Rodin ([EMAIL PROTECTED]):
> Oh and it didn't even want to start properly -- and the init script wasn't
> even so kind to tell me, I had to learn from syslog that
> Aug 24 16:57:23 hostname snort: FATAL ERROR: Unable to open rules file:
> ../rules/bad-traffic.rules or /etc/snort/../
Quoting Josip Rodin ([EMAIL PROTECTED]):
> > [2] deb http:///people.debian.org/~ssmeenk/snort-stable-i386/ ./
>~ Typo.
Oops.
> I've upgraded to this version and it has required me to press y to replace
> modified conffiles in /etc/snort/rules/ about two dozen times, while I'm
> p
Quoting Javier Fernández-Sanguino Peña ([EMAIL PROTECTED]):
> > 'semi up to date'. Still a lot of people use the outdated and utterly
> > broken 1.8.4 release and complain. Although these complaints are correct,
> Maybe because they are not aware of your backporting efforts.
And they never will b
Adrian von Bidder wrote:
On Monday 25 August 2003 04:02, Noah L. Meyerhans wrote:
I can think off-hand of at least one other security related tool that
needs frequent updating of a ruleset: nessus. It is an active probing
clamav needs to update its virus definitions - it's exactly the same case
On Monday 25 August 2003 04:02, Noah L. Meyerhans wrote:
> I can think off-hand of at least one other security related tool that
> needs frequent updating of a ruleset: nessus. It is an active probing
clamav needs to update its virus definitions - it's exactly the same case
again.
-- vbi
--
On Mon, Aug 25, 2003 at 02:27:41AM +0100, Steve Kemp wrote:
> (Essentially apt-get + apt-cache for snort rules. Clearly packaging a
> single rule file within one package is a gross misuse of resources but
> it might be sufficient if they were signed and hosted somewhere
> sensible..)
Such
On Mon, Aug 25, 2003 at 01:33:37AM +0200, Goswin von Brederlow wrote:
>
> Why don't you add an option to load newer rulesets and/or update
> information to snort. Once a day/week/month snort you probe some url
> for a signed ruleset or news file and report to the user about any
> updates.
>
> Tha
"Noah L. Meyerhans" <[EMAIL PROTECTED]> writes:
> On Sun, Aug 24, 2003 at 08:59:06AM -0600, Jamin W. Collins wrote:
> > > Before you object to this rather 'rude' bughandling, please keep in
> > > mind that version 1.8.4 of snort, which is in stable, has 3 severe
> > > security exploits,
> >
> >
On Sun, Aug 24, 2003 at 08:59:06AM -0600, Jamin W. Collins wrote:
> > Before you object to this rather 'rude' bughandling, please keep in
> > mind that version 1.8.4 of snort, which is in stable, has 3 severe
> > security exploits,
>
> So, why hasn't a security update been released for it?
Large
On Sun, Aug 24, 2003 at 04:39:58PM +0200, Javier Fernández-Sanguino Peña wrote:
> > Before you object to this rather 'rude' bughandling, please keep in mind
> > that version 1.8.4 of snort, which is in stable, has 3 severe security
> > exploits, and is completely outdated in catching crooks (rulefi
On Sun, Aug 24, 2003 at 04:51:08PM +0200, Josip Rodin wrote:
> > Instead I provide signed backported packages on p.d.o which I will keep
> > 'semi up to date'.
> >
> > Before you object to this rather 'rude' bughandling, please keep in mind
> > that version 1.8.4 of snort, which is in stable, has
On Sun, Aug 24, 2003 at 03:57:45PM +0200, Sander Smeenk wrote:
>
> Before you object to this rather 'rude' bughandling, please keep in
> mind that version 1.8.4 of snort, which is in stable, has 3 severe
> security exploits,
So, why hasn't a security update been released for it?
--
Jamin W. Co
On Sun, Aug 24, 2003 at 03:57:45PM +0200, Sander Smeenk wrote:
> Instead I provide signed backported packages on p.d.o which I will keep
> 'semi up to date'.
>
> Before you object to this rather 'rude' bughandling, please keep in mind
> that version 1.8.4 of snort, which is in stable, has 3 severe
Sander,
in principle, I agree that fixing those bugs by backporting patches is
not worth the effort, but let me suggest an alternative plan (which the
SRM will hate me for, so you should probably ask him before):
- Check which of those bugs are really fixed in the newest version
- Upload a back
On Sun, Aug 24, 2003 at 03:57:45PM +0200, Sander Smeenk wrote:
> Hi,
>
> I'm about to close 95153, 133049, 158040, 16, 170580, 173331, 176223,
(...)
I object.
>
> Instead I provide signed backported packages on p.d.o which I will keep
> 'semi up to date'. Still a lot of people use the outda
Hi,
I'm about to close 95153, 133049, 158040, 16, 170580, 173331, 176223,
135603, 161659, 165107, 165135, 165351, 171190, 172529, 173663, 174506,
174508, 174509, 192401, 193544, 101725, 122689, 159575, 165126, 182280,
and 189780 with a nice message telling that the bug was reported on a
really
59 matches