Your message dated Sat, 24 Aug 2024 22:14:31 +0000
with message-id <[email protected]>
and subject line Bug#1079286: Removed package(s) from unstable
has caused the Debian Bug report #1021276,
regarding snort: CVE-2020-3315 CVE-2021-1223 CVE-2021-1224 CVE-2021-1494 
CVE-2021-1495 CVE-2021-34749 CVE-2021-40114
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1021276: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021276
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: snort
X-Debbugs-CC: [email protected]
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for snort.

These all lack details, but all boil down to the fact Snort needs
to be updated:

CVE-2020-3315[0]:
| Multiple Cisco products are affected by a vulnerability in the Snort
| detection engine that could allow an unauthenticated, remote attacker
| to bypass the configured file policies on an affected system. The
| vulnerability is due to errors in how the Snort detection engine
| handles specific HTTP responses. An attacker could exploit this
| vulnerability by sending crafted HTTP packets that would flow through
| an affected system. A successful exploit could allow the attacker to
| bypass the configured file policies and deliver a malicious payload to
| the protected network.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort_filepolbypass-m4X5DgOP

CVE-2021-1223[1]:
| Multiple Cisco products are affected by a vulnerability in the Snort
| detection engine that could allow an unauthenticated, remote attacker
| to bypass a configured file policy for HTTP. The vulnerability is due
| to incorrect handling of an HTTP range header. An attacker could
| exploit this vulnerability by sending crafted HTTP packets through an
| affected device. A successful exploit could allow the attacker to
| bypass configured file policy for HTTP packets and deliver a malicious
| payload.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-filepolbypass-67DEwMe2

CVE-2021-1224[2]:
| Multiple Cisco products are affected by a vulnerability with TCP Fast
| Open (TFO) when used in conjunction with the Snort detection engine
| that could allow an unauthenticated, remote attacker to bypass a
| configured file policy for HTTP. The vulnerability is due to incorrect
| detection of the HTTP payload if it is contained at least partially
| within the TFO connection handshake. An attacker could exploit this
| vulnerability by sending crafted TFO packets with an HTTP payload
| through an affected device. A successful exploit could allow the
| attacker to bypass configured file policy for HTTP packets and deliver
| a malicious payload.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-tfo-bypass-MmzZrtes

CVE-2021-1494[3]:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-fp-bp-KfDdcQhc

CVE-2021-1495[4]:
| Multiple Cisco products are affected by a vulnerability in the Snort
| detection engine that could allow an unauthenticated, remote attacker
| to bypass a configured file policy for HTTP. The vulnerability is due
| to incorrect handling of specific HTTP header parameters. An attacker
| could exploit this vulnerability by sending crafted HTTP packets
| through an affected device. A successful exploit could allow the
| attacker to bypass a configured file policy for HTTP packets and
| deliver a malicious payload.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-fp-bp-KfDdcQhc

CVE-2021-34749[5]:
| A vulnerability in Server Name Identification (SNI) request filtering
| of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense
| (FTD), and the Snort detection engine could allow an unauthenticated,
| remote attacker to bypass filtering technology on an affected device
| and exfiltrate data from a compromised host. This vulnerability is due
| to inadequate filtering of the SSL handshake. An attacker could
| exploit this vulnerability by using data from the SSL client hello
| packet to communicate with an external server. A successful exploit
| could allow the attacker to execute a command-and-control attack on a
| compromised host and perform additional data exfiltration attacks.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sni-data-exfil-mFgzXqLN

CVE-2021-40114[6]:
| Multiple Cisco products are affected by a vulnerability in the way the
| Snort detection engine processes ICMP traffic that could allow an
| unauthenticated, remote attacker to cause a denial of service (DoS)
| condition on an affected device. The vulnerability is due to improper
| memory resource management while the Snort detection engine is
| processing ICMP packets. An attacker could exploit this vulnerability
| by sending a series of ICMP packets through an affected device. A
| successful exploit could allow the attacker to exhaust resources on
| the affected device, causing the device to reload.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-s2R7W9UU

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-3315
    https://www.cve.org/CVERecord?id=CVE-2020-3315
[1] https://security-tracker.debian.org/tracker/CVE-2021-1223
    https://www.cve.org/CVERecord?id=CVE-2021-1223
[2] https://security-tracker.debian.org/tracker/CVE-2021-1224
    https://www.cve.org/CVERecord?id=CVE-2021-1224
[3] https://security-tracker.debian.org/tracker/CVE-2021-1494
    https://www.cve.org/CVERecord?id=CVE-2021-1494
[4] https://security-tracker.debian.org/tracker/CVE-2021-1495
    https://www.cve.org/CVERecord?id=CVE-2021-1495
[5] https://security-tracker.debian.org/tracker/CVE-2021-34749
    https://www.cve.org/CVERecord?id=CVE-2021-34749
[6] https://security-tracker.debian.org/tracker/CVE-2021-40114
    https://www.cve.org/CVERecord?id=CVE-2021-40114

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Version: 2.9.15.1-6+rm

Dear submitter,

as the package snort has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1079286

The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
[email protected].

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)

--- End Message ---

Reply via email to