
0002227: Snort update to Version 2.8.5 - MantisBT Endian Bugtracker
Endian Issue Tracker













View Issue Details
ID: 0002227
Project: Endian Firewall
Category: Other Services
View Status: public
Date Submitted: 2009-09-29 13:19
Last Update: 2009-10-27 11:58
Reporter: Renee
Assigned To: peter-endian
Priority: normal
Severity: feature
Reproducibility: N/A
Status: closed
Resolution: fixed
Platform, OS, OS Version, Product Version: (not set)
Target Version: 2.3
Fixed in Version: 2.3
Summary: 0002227: Snort update to Version 2.8.5
Description: Please update the Snort version to 2.8.5. This version has two updated preprocessors and a new option which allows continued inspection of traffic when reloading a configuration. That is very interesting, because the version of Snort currently used blocks the traffic during reload.
http://www.snort.org/news/2009/09/16/snort-2-8-5-is-now-available/
Tags: needsfix, purple
Attached Files: Snort new rules.jpg (257,281 bytes) 2009-10-03 23:37


-  Notes
(0003043)
peter-endian (administrator)
2009-09-29 15:36

interesting, will do that after 2.3
(0003045)
Renee (reporter)
2009-09-29 17:45
edited on: 2009-09-29 18:09

It would be better if it flowed into 2.3 immediately, because with the old 2.8.2.1 the VRT rules from snort.org also do not function any more: they contain new orders, with the old version nothing can start, and accordingly the service is given a receipt with an error message.
And if the rules from www.emergingthreats.net perhaps also contain these new orders sometime, this kills Snort with an update. That can absolutely happen, because from the 2nd of October they already change the rules file structure: http://www.emergingthreats.net/

(0003056)
Renee (reporter)
2009-10-04 00:04

It does go quite loose: the last rules already contained a keyword which the old version does not know; see the uploaded picture.
(0003058)
luca-endian (developer)
2009-10-05 08:37

quick fix:
- don't upgrade snort rules until a fix is released
- edit the file /etc/snort/rules/auto/emerging-web_specific_apps.rules
- remove the following rule:

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB_SPECIFIC WordPress plug-in potential path disclosure"; flow:established,to_server; uricontent:"/wp-content/plugins/"; nocase; content:!"|0d 0a|Referer|3a 20|"; nocase; http_header; classtype:attempted-recon; reference:url,seclists.org/fulldisclosure/2009/Sep/0387.html; reference:url,doc.emergingthreats.net/2009996; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Wordpress; sid:2009996; rev:3;)

- restart snort
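
The quick fix above, generalised as an added shell example (not part of the tracker thread or Endian's code): it lists and comments out every active rule in a rules file that uses an option keyword the installed Snort cannot parse. `http_header` is assumed to be that keyword, the function names are hypothetical, and the sample rules are constructed.

```shell
#!/bin/sh
# Comment out Snort rules that use an option keyword the installed
# Snort version does not know, so one such rule cannot stop the
# service from starting after a ruleset update.

# list_sids_using FILE KEYWORD
# Print the sid of each active (uncommented) rule that uses KEYWORD as an
# option name, i.e. preceded by '(' or ';' and followed by ':' or ';'.
# A quoted string containing "; KEYWORD;" would also match, which errs
# on the side of disabling the rule.
list_sids_using() {
    file=$1 kw=$2
    grep -v '^[[:space:]]*#' "$file" |
        grep -E "[(;][[:space:]]*${kw}[[:space:]]*[:;]" |
        sed -n 's/.*[(;][[:space:]]*sid:[[:space:]]*\([0-9][0-9]*\);.*/\1/p'
}

# disable_rules_using FILE KEYWORD
# Keep a backup as FILE.bak, then prefix every matching active rule with
# a comment marker so it can be re-enabled after Snort is upgraded.
disable_rules_using() {
    file=$1 kw=$2
    cp -p "$file" "$file.bak" || return 1
    sed -E "/^[[:space:]]*#/!{/[(;][[:space:]]*${kw}[[:space:]]*[:;]/s/^/# disabled (${kw}): /;}" \
        "$file.bak" > "$file"
}

# Constructed sample rules file (not taken from a real ruleset).
sample=$(mktemp)
cat > "$sample" <<'EOF'
alert tcp any any -> any 80 (msg:"constructed A"; content:"x"; http_header; sid:1000001; rev:1;)
alert tcp any any -> any 80 (msg:"constructed B"; content:"y"; nocase; sid:1000002; rev:1;)
# alert tcp any any -> any 80 (msg:"constructed C"; content:"z"; http_header; sid:1000003; rev:1;)
EOF

echo "rules using http_header:"
list_sids_using "$sample" http_header     # reports which sids will be disabled
disable_rules_using "$sample" http_header
rm -f "$sample" "$sample.bak"
```

Run it against the file named in the quick fix before restarting Snort, and keep the printed sids so the rules can be re-enabled once the newer Snort is installed.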
(0003059)
Renee (reporter)
2009-10-05 08:50

I have deactivated the rule in the rule editor; it is the same effect. But this is not a lasting solution, so now a new Snort version must probably be built. It only surprises me that it has struck nobody that the VRT rules from snort.org already do not go any more since April or so.
(0003101)
Renee (reporter)
2009-10-13 11:44

Where can I find the new Snort packages?
(0003107)
peter-endian (administrator)
2009-10-13 16:40

comes with the final release
'resolved' means we fixed it in our subversion repository

- Issue History
Date Modified Username Field Change
2009-09-29 13:19 Renee New Issue
2009-09-29 15:36 peter-endian Note Added: 0003043
2009-09-29 15:37 peter-endian Status new => confirmed
2009-09-29 15:37 peter-endian Target Version => future
2009-09-29 17:45 Renee Note Added: 0003045
2009-09-29 17:49 Renee Note Edited: 0003045
2009-09-29 18:08 Renee Note Edited: 0003045
2009-09-29 18:09 Renee Note Edited: 0003045
2009-10-03 23:37 Renee File Added: Snort new rules.jpg
2009-10-04 00:04 Renee Note Added: 0003056
2009-10-05 08:17 luca-endian Tag Attached: purple
2009-10-05 08:37 luca-endian Note Added: 0003058
2009-10-05 08:50 Renee Note Added: 0003059
2009-10-05 09:35 peter-endian Target Version future => 2.3
2009-10-05 09:35 peter-endian Status confirmed => new
2009-10-05 09:35 peter-endian Assigned To => peter-endian
2009-10-05 09:35 peter-endian Status new => assigned
2009-10-08 13:19 peter-endian Status assigned => resolved
2009-10-08 13:19 peter-endian Fixed in Version => 2.3
2009-10-08 13:19 peter-endian Resolution open => fixed
2009-10-12 19:04 peter-endian Tag Attached: needsfix
2009-10-13 04:59 Anonymous Status resolved => feedback
2009-10-13 04:59 Anonymous Resolution fixed => reopened
2009-10-13 11:44 Renee Note Added: 0003101
2009-10-13 16:40 peter-endian Note Added: 0003107
2009-10-13 16:41 peter-endian Status feedback => resolved
2009-10-13 16:41 peter-endian Resolution reopened => fixed
2009-10-27 11:58 peter-endian Status resolved => closed
