Advertisement
Promo

Security threats Toolkit

Snort hit by vulnerability

Richard Thurston ZDNet.co.uk

Published: 21 Feb 2007 11:50 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Snort, the open-source intrusion-detection software, is vulnerable to hackers, its developers revealed this week.

Snort's popularity has grown as many businesses have been tempted away from expensive proprietary intrusion-detection systems. Snort's advocates argue that it is more secure than products created by the likes of Cisco and other network equipment vendors, as its code is open for developers to both find and fix flaws.

But on Monday, Sourcefire — the company behind Snort — said that hackers could potentially execute malicious code on a system running Snort and gain access to confidential data.

The vulnerability was reported to Sourcefire by Internet Security Systems (ISS), the security arm of IBM.

Reporting the weakness, an ISS report said: "Snort IDS and Sourcefire Intrusion Sensor IDS/IPS [intrusion-detection/prevention system] are vulnerable to a stack-based buffer overflow, which can result in remote code execution... Compromise of machines using affected versions of Snort or Sourcefire may lead to exposure of confidential information, loss of productivity and further compromise. Successful exploitation of this vulnerability results in remote code execution with the privilege level of Snort, usually root or system."

ISS said the following products are affected:  

  • Snort 2.6.1, 2.6.1.1, and 2.6.1.2
  • Snort 2.7.0 beta 1
  • Sourcefire Intrusion Sensors versions 4.1.x, 4.5.x, and 4.6.x with SEUs prior to SEU 64
  • Sourcefire Intrusion Sensor Software for Crossbeam versions 4.1.x, 4.5.x and 4.6.x with SEUs prior to SEU 64

Snort said users of version 2.6.1.1 and 2.6.1.2 should upgrade to 2.6.1.3l, which is not vulnerable. Users of version 2.7 should disable the DCE/RPC preprocessor, the program that contains the vulnerability. Version 2.7 is currently in beta, and the issue will be resolved in a second beta version, Snort said.

Cisco was hit by several vulnerabilities last week, including one that allows hackers to circumvent the IPS protection in its routers.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
13 out of 13 people found this useful


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats



Company/Topic Alerts

Create a new alert from the list below:






Related Jobs

IDS/IPS Specialist/Analyst - Corsham

Security Manager - Intrusion Detection, ISO, Gloucestershire

SC Security Cleared penetration testers Contract Reading

Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

DNA details of innocent will be kept f...

The government has announced that it plans to keep innocent people's DNA details for up to six years. In response to a consultation it launched last December, the government said... More

4 comments

Motorola Droid Drops Today: Happy Droi...

Motorola Droid Drops Today: Happy Droid Day America! Author: Eric Everson, Mobile Security Expert If you’re wondering what all of the buzz is about with words like Droid and Android... More

Post a comment

Mobile Security Profile: BlackBerry St...

Mobile Security Profile: BlackBerry Storm2 Author: Eric Everson BlackBerry handsets are a staple of office culture; from syncing calendars to sharing business-related data,... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters