snort: CVE-2020-3315 CVE-2021-1223 CVE-2021-1224 CVE-2021-1494 CVE-2021-1495 CVE-2021-34749 CVE-2021-40114

Debian Bug report logs - #1021276
Reported by: Moritz Mühlenhoff <jmm@inutil.org>

Date: Tue, 4 Oct 2022 19:54:02 UTC

Severity: grave

Tags: security, upstream


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Javier Fernández-Sanguino Peña <jfs@debian.org>:
Bug#1021276; Package src:snort. (Tue, 04 Oct 2022 19:54:04 GMT)


Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Javier Fernández-Sanguino Peña <jfs@debian.org>. (Tue, 04 Oct 2022 19:54:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Mühlenhoff <jmm@inutil.org>
To: submit@bugs.debian.org
Subject: snort: CVE-2020-3315 CVE-2021-1223 CVE-2021-1224 CVE-2021-1494 CVE-2021-1495 CVE-2021-34749 CVE-2021-40114
Date: Tue, 4 Oct 2022 21:50:48 +0200
Source: snort
X-Debbugs-CC: team@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for snort.

These all lack details, but all boil down to the fact Snort needs
to be updated:

CVE-2020-3315[0]:
| Multiple Cisco products are affected by a vulnerability in the Snort
| detection engine that could allow an unauthenticated, remote attacker
| to bypass the configured file policies on an affected system. The
| vulnerability is due to errors in how the Snort detection engine
| handles specific HTTP responses. An attacker could exploit this
| vulnerability by sending crafted HTTP packets that would flow through
| an affected system. A successful exploit could allow the attacker to
| bypass the configured file policies and deliver a malicious payload to
| the protected network.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort_filepolbypass-m4X5DgOP

CVE-2021-1223[1]:
| Multiple Cisco products are affected by a vulnerability in the Snort
| detection engine that could allow an unauthenticated, remote attacker
| to bypass a configured file policy for HTTP. The vulnerability is due
| to incorrect handling of an HTTP range header. An attacker could
| exploit this vulnerability by sending crafted HTTP packets through an
| affected device. A successful exploit could allow the attacker to
| bypass configured file policy for HTTP packets and deliver a malicious
| payload.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-filepolbypass-67DEwMe2

CVE-2021-1224[2]:
| Multiple Cisco products are affected by a vulnerability with TCP Fast
| Open (TFO) when used in conjunction with the Snort detection engine
| that could allow an unauthenticated, remote attacker to bypass a
| configured file policy for HTTP. The vulnerability is due to incorrect
| detection of the HTTP payload if it is contained at least partially
| within the TFO connection handshake. An attacker could exploit this
| vulnerability by sending crafted TFO packets with an HTTP payload
| through an affected device. A successful exploit could allow the
| attacker to bypass configured file policy for HTTP packets and deliver
| a malicious payload.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-tfo-bypass-MmzZrtes

CVE-2021-1494[3]:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-fp-bp-KfDdcQhc

CVE-2021-1495[4]:
| Multiple Cisco products are affected by a vulnerability in the Snort
| detection engine that could allow an unauthenticated, remote attacker
| to bypass a configured file policy for HTTP. The vulnerability is due
| to incorrect handling of specific HTTP header parameters. An attacker
| could exploit this vulnerability by sending crafted HTTP packets
| through an affected device. A successful exploit could allow the
| attacker to bypass a configured file policy for HTTP packets and
| deliver a malicious payload.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-fp-bp-KfDdcQhc

CVE-2021-34749[5]:
| A vulnerability in Server Name Identification (SNI) request filtering
| of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense
| (FTD), and the Snort detection engine could allow an unauthenticated,
| remote attacker to bypass filtering technology on an affected device
| and exfiltrate data from a compromised host. This vulnerability is due
| to inadequate filtering of the SSL handshake. An attacker could
| exploit this vulnerability by using data from the SSL client hello
| packet to communicate with an external server. A successful exploit
| could allow the attacker to execute a command-and-control attack on a
| compromised host and perform additional data exfiltration attacks.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sni-data-exfil-mFgzXqLN

CVE-2021-40114[6]:
| Multiple Cisco products are affected by a vulnerability in the way the
| Snort detection engine processes ICMP traffic that could allow an
| unauthenticated, remote attacker to cause a denial of service (DoS)
| condition on an affected device. The vulnerability is due to improper
| memory resource management while the Snort detection engine is
| processing ICMP packets. An attacker could exploit this vulnerability
| by sending a series of ICMP packets through an affected device. A
| successful exploit could allow the attacker to exhaust resources on
| the affected device, causing the device to reload.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-s2R7W9UU

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-3315
    https://www.cve.org/CVERecord?id=CVE-2020-3315
[1] https://security-tracker.debian.org/tracker/CVE-2021-1223
    https://www.cve.org/CVERecord?id=CVE-2021-1223
[2] https://security-tracker.debian.org/tracker/CVE-2021-1224
    https://www.cve.org/CVERecord?id=CVE-2021-1224
[3] https://security-tracker.debian.org/tracker/CVE-2021-1494
    https://www.cve.org/CVERecord?id=CVE-2021-1494
[4] https://security-tracker.debian.org/tracker/CVE-2021-1495
    https://www.cve.org/CVERecord?id=CVE-2021-1495
[5] https://security-tracker.debian.org/tracker/CVE-2021-34749
    https://www.cve.org/CVERecord?id=CVE-2021-34749
[6] https://security-tracker.debian.org/tracker/CVE-2021-40114
    https://www.cve.org/CVERecord?id=CVE-2021-40114

Please adjust the affected versions in the BTS as needed.



Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 04 Oct 2022 20:21:06 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Oct 5 13:22:32 2022; Machine Name: buxtehude
