Experts warn of Snort vulnerability

By

Hackers intrude on intrusion detection system.

Experts warn of Snort vulnerability
A security vulnerability has been discovered in the Snort open source intrusion detection system.

Discovered by Neel Mehta from IBM's X-Force, the flaw exists in the Snort DCE/RPC pre-processor. 

A remote attacker could cause a buffer overflow and execute arbitrary code with root or system privileges by sending specially-crafted Server Message Block traffic to a vulnerable system.

Server Message Block is a protocol for sharing files, printers, serial ports and communications between computers.

This bug affects Snort 2.6.1, 2.6.1.1, 2.6.1.2 and Snort 2.7.0 beta 1. An update is available to correct the problem.

Snort advises users who cannot upgrade immediately to disable the DCE/RPC pre-processor by removing the directives from snort.conf and restarting Snort.

However, it should be noted that disabling this pre-processor reduces detection capabilities for attacks in DCE/RPC traffic. After upgrading, customers should re-enable the DCE/RPC pre-processor.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

Phishing attack nets enormous npm supply chain compromise

Phishing attack nets enormous npm supply chain compromise

VicRoads to phase out passwords in favour of passkeys

VicRoads to phase out passwords in favour of passkeys

Service NSW centralises security, networking in mammoth CloudOps overhaul

Service NSW centralises security, networking in mammoth CloudOps overhaul

Apple adds "mercenary spyware" protection to new A19 chip

Apple adds "mercenary spyware" protection to new A19 chip

Log In

  |  Forgot your password?