Network Security Toolkit (NST) Patch: P200703061

Patch Summary: Security patch - updates snort to version: "2.6.1.3".

Patch Release Specifications:

Patch Revision History:

2007-03-06 (v1.0.2)

Now includes a new version of "setup_snort" which will correctly identify and use the new security patched snort binary: "v2.6.1.3".

2007-03-06 (v1.0.1)

Patch has been updated to provide support for a "Live CD" boot of the NST as well as a hard disk and virtual machine installation. In this new patch, the new version of snort is placed under /usr/bin/snort, and the version under /usr/local/snort-2.6.1.2/snort is replace with a symbolic link to /usr/bin/snort (except in the case of a Live CD). The /etc/rc.d/init.d/snortd script is then updated to use the /usr/bin/snort version.

2007-03-05 (v1.0.0)

This patch installs an updated version of the "snort" executable (version 2.6.1.3). This is to address the following security issue posted at the Snort website: "A remotely exploitable vulnerability exists in the DCE/RPC dynamic preprocessor included with Snort versions 2.6.1, 2.6.1.1, 2.6.1.2 and 2.7 Beta 1."

Patch Release Notes:

This patch can be applied by hand by downloading the patch file: "P200703061-102.zip" to your NST probe system, unzipping it and then running the "nstpatch.sh" script contained, For example:

[root@probe ~]# mkdir /tmp/patch
[root@probe ~]# cd /tmp/patch
[root@probe patch]# wget -nH http://nst.sourceforge.net/nst/patches/P200703061-102.zip

  ... output from wget ...

[root@probe patch]# unzip P200703061-102.zip

  ... output from unzip ...

[root@probe patch]# ./nstpatch.sh

  ... output from nstpatch.sh ...

[root@probe patch]# cd
[root@probe ~]# rm -fr /tmp/patch
[root@probe ~]#