The Inquirer-Home

Government and enterprises vulnerable to Snort error

Not to be sniffed at
Wed Feb 21 2007, 07:21
A FLAW in free network intrusion security software Snort could leave a lot of businesses vulnerable to hackers.

Snort is a popular bit of software, particularly in IBM installations, and it was Big Blue that found the flaw.

The flaw is a stack-based buffer overflow in the Snort intrusion detection system. This affects the Snort DCE/RPC preprocessor and could be used to execute code with the same privileges remotely. The user does not even have to touch their machine.

Snort 2.6.1, 2.6.1.1, and 2.6.1.2 and Snort 2.7.0 beta 1 are affected as are Sourcefire commercial products.

Anyone who has disabled the DCE/RPC preprocessor is not vulnerable. But since this is enabled by default it is pretty unlikely.

Snort 2.6.1.3, or later is safe from the flaw and Sourcefire recommends an upgrade. Those using Snort 2.7 beta are not protected and should switch off the DCE/RPC preprocessor.

More here. µ

Share this:

Comments

There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.

aboutus
Advertisement
Subscribe to INQ newsletters
Advertisement
INQ Poll

Authorities in several countries raided Megaupload recently, shut down all of its services, seized hundreds of servers and arrested several of its executives on criminal charges.

Do you think the move was justified?