A security vulnerability has been discovered in the Snort open source intrusion detection system.
Discovered by Neel Mehta from IBM's X-Force, the flaw exists in the Snort DCE/RPC pre-processor.
A remote attacker could cause a buffer overflow and execute arbitrary code with root or system privileges by sending specially-crafted Server Message Block traffic to a vulnerable system.
Server Message Block is a protocol for sharing files, printers, serial ports and communications between computers.
This bug affects Snort 2.6.1, 2.6.1.1, 2.6.1.2 and Snort 2.7.0 beta 1. An update is available to correct the problem.
Snort advises users who cannot upgrade immediately to disable the DCE/RPC pre-processor by removing the directives from snort.conf and restarting Snort.
However, it should be noted that disabling this pre-processor reduces detection capabilities for attacks in DCE/RPC traffic. After upgrading, customers should re-enable the DCE/RPC pre-processor.
Experts warn of Snort vulnerability
By
Staff Writers
on Feb 23, 2007 10:24AM
Hackers intrude on intrusion detection system.
Got a news tip for our journalists? Share it with us anonymously here.
Partner Content
Promoted Content
Four signs your organisation is paying a massive innovation tax, and how to fix it
Promoted Content
Why CIOs must now think differently about application security
Promoted Content
How UniSuper used BiZZdesign to accelerate its digital transformation
Promoted Content
How to choose business data storage
Sponsored Whitepapers
The 5 steps to effective data protection
Understanding the next security control points: applications and workloads
Best security practices after rapid Digital Transformation
The CISO View 2021 Survey: Zero Trust and Privileged Access
How and why to backup your Office 365 tenant
