In an interesting case of technical irony, a tool used to help security
professionals detect intrusions into their networks is in fact vulnerable to
intrusions itself.
US-CERT issued an advisory this week warning that the open source Snort intrusion detection system had a highly critical buffer overflow vulnerability that could allow an attacker to execute arbitrary code.
University of Tennessee | Office of Information Technology ::
Published five days a week, MacVolPlace seeks to provide its readers with news, features, reviews, CASPER is a System for Performing Enterprise Replication.
http://oit.utk.edu/macvolplace/oldnews/200306.shtmlHOME |
Snort is widely used and deployed in its open source form and as a
commercial product. Snort creator Martin Roesh founded Sourcefire in 2001 as a commercial vendor for Snort. In October, Check Point Software acquired Sourcefire for $225 million.
AntiOnline Security Spotlight - Antivirus Software - Latest Version ::
So why are they leaving a gaping hole open for spyware? to intrustion detection systems and basics on protecting your network with Snort.
http://latest-version.net/id/524/HOME |
members.tripod.com/tenchi14/ctw10.txt::
Ryoga hadnt given him so much as a snort in reply. backwards through the hole he had previously made Blows landed, yet neither would flinch or fall.
http://members.tripod.com/tenchi14/ctw10.txtHOME |
Sourcefire claims that Snort has been downloaded more than 2 million
times and is also included in over 40 commercially available intrusion detection systems.
Drowning Sorrows Book Two: Always a Thief Part One::
Mac opened the door, and Victor disarmed their security system. It had. been a long week. put behind them permanently, and he was still resenting the intrusion.
http://www.squidge.org/~lianne/oat/always1.htmHOME |
The reported vulnerability resides in Snort's Back Orifice pre-processor
and can be trigged by a single UDP (define) packet that triggers a stack-based overflow allowing the attacker to infiltrate the system.
"To exploit this vulnerability, an attacker does not need to send packets
directly to the Snort sensor," the US-CERT advisory states. "It is
sufficient to send packets to any of the hosts on the network monitored by
Snort."
According to SANS Internet Storm Center (ISC), exploits based on the vulnerability have already been published and range from remote code-execution exploits to DoS attacks.
SANS ISC noted that they the Snort vulnerability is a "big deal"
because it could potential lead to rapidly spreading worms since Snort is
very popular.
Snort users are being urged to update to the Snort v2.4.3, which was
released this week and fixes the vulnerability.
 New Year, New Look For PC-BSD
 Juniper Redefines Network Access Control
|
HOME