Sourcefire pushes update to fix Snort flaw

The US based firm alerted users to a flaw in Snort’s DCE/RPC processor, which is vulnerable to stack-based buffer overflow attacks.

Sourcefire has released updates to fix problem, and has not received reports of exploitation, according to the advisory.

The vulnerability affects Snort versions 2.6.1, 2.6.1.1 and 2.6.1.2, Snort 2.7.0 beta 1 and Sourcefire commercial products, according to the company advisory.

The firm urged Snort 2.6.1.x users to upgrade to version 2.6.1.3 immediately.

The issue in Snort 2.7 beta 1 will be fixed in Snort 2.7 beta 2. Until its release, beta users have been advised to disable the DEC/RPC processor.

Secunia ranked the buffer overflow flaw as "highly critical," meaning it’s remotely exploitable without user interaction.

The flaw, CVE-2006-5276 in the Common Vulnerabilities and Exposures listing, was discovered by Neel Mehta, team lead of the X-Force Advanced Research Group at IBM Internet Security Systems.

Mehta told SCMagazine.com that Snort is more prone to vulnerabilities because of how often Sourcefire updates the program. He also praised the company for a quick response to the flaw.

"It’s a relatively quickly changing product – they’re always adapting to new attacks, always writing new code," he said.

"The fact that they have a lot of code makes them more at risk than other programs. I think that’s just the nature of the program."

Last month, researchers from the University of Wisconsin revealed a flaw in Snort version 2.4.3 that could be exploited in a DoS attack. The flaw was fixed in Snort version 2.6.1, according to Secunia.

betafixflawforpushessecuritysnortsourcefiretoupdateusersworkaround