SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0002227: Snort update to Version 2.8.5 - MantisBT
MantisBT - Endian Firewall
View Issue Details
0002227Endian FirewallOther Servicespublic2009-09-29 13:192009-10-27 11:58
Renee 
peter-endian 
normalfeatureN/A
closedfixed 
 
2.32.3 
0002227: Snort update to Version 2.8.5
Please update the Snort Version to 2.8.5 this Version has two updated Preprocessors and a new option which allow to continued inspection of Traffic when reload a configuration thats very interesting because the version used currently of Snort blocked the Traffic during reload.
http://www.snort.org/news/2009/09/16/snort-2-8-5-is-now-available/ [^]
needsfix, purple
jpg Snort new rules.jpg (257,281) 2009-10-03 23:37
https://bugs.endian.com/file_download.php?file_id=280&type=bug
jpg
Issue History
2009-09-29 13:19ReneeNew Issue
2009-09-29 15:36peter-endianNote Added: 0003043
2009-09-29 15:37peter-endianStatusnew => confirmed
2009-09-29 15:37peter-endianTarget Version => future
2009-09-29 17:45ReneeNote Added: 0003045
2009-09-29 17:49ReneeNote Edited: 0003045
2009-09-29 18:08ReneeNote Edited: 0003045
2009-09-29 18:09ReneeNote Edited: 0003045
2009-10-03 23:37ReneeFile Added: Snort new rules.jpg
2009-10-04 00:04ReneeNote Added: 0003056
2009-10-05 08:17luca-endianTag Attached: purple
2009-10-05 08:37luca-endianNote Added: 0003058
2009-10-05 08:50ReneeNote Added: 0003059
2009-10-05 09:35peter-endianTarget Versionfuture => 2.3
2009-10-05 09:35peter-endianStatusconfirmed => new
2009-10-05 09:35peter-endianAssigned To => peter-endian
2009-10-05 09:35peter-endianStatusnew => assigned
2009-10-08 13:19peter-endianStatusassigned => resolved
2009-10-08 13:19peter-endianFixed in Version => 2.3
2009-10-08 13:19peter-endianResolutionopen => fixed
2009-10-12 19:04peter-endianTag Attached: needsfix
2009-10-13 04:59AnonymousStatusresolved => feedback
2009-10-13 04:59AnonymousResolutionfixed => reopened
2009-10-13 11:44ReneeNote Added: 0003101
2009-10-13 16:40peter-endianNote Added: 0003107
2009-10-13 16:41peter-endianStatusfeedback => resolved
2009-10-13 16:41peter-endianResolutionreopened => fixed
2009-10-27 11:58peter-endianStatusresolved => closed

Notes
(0003043)
peter-endian   
2009-09-29 15:36   
interesting, will do that after 2.3
(0003045)
Renee   
2009-09-29 17:45   
(edited on: 2009-09-29 18:09)
Better it would be if it immediately with in 2.3 flows in because with the old ones 2.8.2.1 the VRT rules from snort.org also do not function any more because they new orders contained with the old version nothing can start and accordingly with an error message the service given a receipt.
And if the rules from www.emergingthreats.net, perhaps, also sometime these new orders contained this kills Snort with an update.What can absolutely happen because from the 2nd of October they already change the rules file structure http://www.emergingthreats.net/ [^]

(0003056)
Renee   
2009-10-04 00:04   
It does go quite loose the last rules contained already a Keyword what the old version not knows see the high-loaded picture.
(0003058)
luca-endian   
2009-10-05 08:37   
quick fix:
- don't upgrade snort rules until a fix will be released
- edit the file /etc/snort/rules/auto/emerging-web_specific_apps.rules
- remove the following rule:

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB_SPECIFIC WordPress plug-in potential path disclosure"; flow:established,to_server; uricontent:"/wp-content/plugins/"; nocase; content:!"|0d 0a|Referer|3a 20|"; nocase; http_header; classtype:attempted-recon; reference:url,seclists.org/fulldisclosure/2009/Sep/0387.html; reference:url,doc.emergingthreats.net/2009996; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Wordpress; sid:2009996; rev:3;)

- restart snort
(0003059)
Renee   
2009-10-05 08:50   
I have deaktivate the rule in the rule editor is the same effect.But this is not a lasting solution also now a new Snort version must be probably built.Me surprises only nobody has struck the VRT rules from snort.org already do not go since April or thus any more.
(0003101)
Renee   
2009-10-13 11:44   
Where can I find the new Snort packages him?
(0003107)
peter-endian   
2009-10-13 16:40   
comes with the final release
'resolved' means we fixed it in our subversion repository