Back Orifice problems lead to pain for Snort

Dawn Kawamoto CNET News

Published: 27 Oct 2005 09:45 BST

An exploit has been published that could take advantage of a flaw in Snort, a popular open source intrusion protection system, according to a security group.

The exploit code, published on the Web by FrSirt on Tuesday, demonstrates how vulnerabilities in a Snort sensor designed to detect an exploit tool called Back Orifice can be subject to a buffer overflow attack. Back Orifice is used by remote intruders to take control of compromised systems.

Last week, security experts warned of flaws in systems running Snort 2.4.0 and higher. The vulnerabilities could allow an attacker to send a malicious packet through a network that is using Snort to guard against Back Orifice.

Available for free, Snort software is estimated to have more than 100,000 active users, according to figures from Sourcefire, the software's developer. Sourcefire has issued a patch, Snort version 2.4.3, to address the problem. Sourcefire also advised people to disable the Back Orifice preprocessor in Snort if they are running it on vulnerable versions of the software.

Meanwhile, a tool to guard against the exploit has also been developed by an incident handler at the Internet Storm Center, which tracks network threats.