Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in you inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
  • Go

Sourcefire Responds Quickly to Snort Flaw

Sourcefire Inc. has advanced its popular open-source Snort IDS tool to the next version to fix security flaws vulnerable to attackers' exploits that could result in a DoS or install malicious code. Snort is a widely used detection system for open-source intrusion. It has a hole that attackers can use to execute malicious code on vulnerable computers, reported several security organizations on February 19, 2007.

According to a Sourcefire advisory, the flaw lies in the Snort DCE/RPC preprocessor. This preprocessor is open to a buffer overflow reliant on a stack that could enable attackers to run code enjoying the same privileges as the Snort binary, the vendor said.

Secunia, the vulnerability-tracking firm has ranked the threat as "highly critical", the second highest serious rating in its 1-5 scoring arrangement.

Neel Mehta, team leader of the X-Force Advanced Research Group at IBM Internet Security Systems discovered the flaw, CVE-2006-5276 in the list of Common Vulnerabilities and Exposures. Speaking to SCMagazine Mehta said Snort had a greater tendency for vulnerabilities because of the frequent updates Sourcefire undertakes for the program. He also appreciated the company to respond quickly to the threat.

Several editions of Snort, which form the security appliance line of Sourcefire, are susceptible to risk, according to advisories of US-CERT and the SANS Institute's Internet Storm Center.

Sourcefire's advisory said that the flaw makes impact on Snort versions 2.6.1, 2.6.1.1 and 2.6.1.2, Snort 2.7.0 beta1 and commercial products of the company. It recommends users of Snort 2.6.1x to upgrade to version 2.6.1.3 without losing time; and if the upgrading isn't possible then they should disable the DCE/RPC preprocessor. The disabling instructions are available on the company website.

The French Security Incident Response Team (FrSIRT) said the flaw was a critical buffer overflow inclusive to the DCE/RPC preprocessor emerging as a result of certain functions processing malicious data. Attackers could exploit it and compromise a weak system by running specially crafted program packages to a network that a vulnerable application monitors.

In January 2007, researchers uncovered a hole in Snort version 2.4.3 that could enable a DoS attack. The hole was plugged in version 2.6.1, said Secunia.

Related article: Srizbi Botnet - Deliverer of the Largest Spam

ยป SPAMfighter News - 03-03-2007

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next