Experts warn of Snort vulnerability

Feb 23, 2007 10:24 AM
Filed under Security
 

Hackers intrude on intrusion detection system.

A security vulnerability has been discovered in the Snort open source intrusion detection system.

Discovered by Neel Mehta from IBM's X-Force, the flaw exists in the Snort DCE/RPC pre-processor. 

A remote attacker could cause a buffer overflow and execute arbitrary code with root or system privileges by sending specially-crafted Server Message Block traffic to a vulnerable system.

Server Message Block is a protocol for sharing files, printers, serial ports and communications between computers.

This bug affects Snort 2.6.1, 2.6.1.1, 2.6.1.2 and Snort 2.7.0 beta 1. An update is available to correct the problem.

Snort advises users who cannot upgrade immediately to disable the DCE/RPC pre-processor by removing the directives from snort.conf and restarting Snort.

However, it should be noted that disabling this pre-processor reduces detection capabilities for attacks in DCE/RPC traffic. After upgrading, customers should re-enable the DCE/RPC pre-processor.

Copyright ©v3.co.uk


Experts warn of Snort vulnerability
Tags
experts, warn, snort, vulnerability
Related Articles
Breaking Stories
 
 
 
 
 
Top Stories
CommBank suppliers compete for portable workloads
CommBank suppliers compete for portable workloads
Multi-sourcing deals yield $100m savings.
 
Australia turns to homegrown drones
Australia turns to homegrown drones
Debating the finer points of unmanned aerial vehicle design.
 
The New Zealand telco problem
The New Zealand telco problem
Opinion: Could Telstra save Kiwi telcos?
 
Sign up to receive iTnews email bulletins
   FOLLOW US...

Latest VideosSee all videos »

Latest Comments
Powered by Disqus
Polls
Should the Government enact new legislation to protect copyright holders in the digital age?
   |   View results
Yes
  20%
 
No
  80%
TOTAL VOTES: 540

Vote
view previous polls »