ZDNet UK


Snort hit by vulnerability

Richard Thurston ZDNet.co.uk

Published: 21 Feb 2007 11:50 GMT


Snort, the open-source intrusion-detection software, is vulnerable to hackers, its developers revealed this week.

Snort's popularity has grown as many businesses have been tempted away from expensive proprietary intrusion-detection systems. Snort's advocates argue that it is more secure than products created by the likes of Cisco and other network equipment vendors, as its code is open for developers to both find and fix flaws.

But on Monday, Sourcefire — the company behind Snort — said that hackers could potentially execute malicious code on a system running Snort and gain access to confidential data.

The vulnerability was reported to Sourcefire by Internet Security Systems (ISS), the security arm of IBM.

Reporting the weakness, an ISS report said: "Snort IDS and Sourcefire Intrusion Sensor IDS/IPS [intrusion-detection/prevention system] are vulnerable to a stack-based buffer overflow, which can result in remote code execution... Compromise of machines using affected versions of Snort or Sourcefire may lead to exposure of confidential information, loss of productivity and further compromise. Successful exploitation of this vulnerability results in remote code execution with the privilege level of Snort, usually root or system."

ISS said the following products are affected:  

  • Snort 2.6.1, 2.6.1.1, and 2.6.1.2
  • Snort 2.7.0 beta 1
  • Sourcefire Intrusion Sensors versions 4.1.x, 4.5.x, and 4.6.x with SEUs prior to SEU 64
  • Sourcefire Intrusion Sensor Software for Crossbeam versions 4.1.x, 4.5.x and 4.6.x with SEUs prior to SEU 64

Snort said users of version 2.6.1.1 and 2.6.1.2 should upgrade to 2.6.1.3, which is not vulnerable. Users of version 2.7 should disable the DCE/RPC preprocessor, the program that contains the vulnerability. Version 2.7 is currently in beta, and the issue will be resolved in a second beta version, Snort said.
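A triage check for one sensor, built from the affected-version list and the advice above; it is an added example, not Snort or Sourcefire code. The function names, the status words, the spellings accepted for the 2.7.0 beta and the `preprocessor dcerpc:` line format in snort.conf are assumptions.

```shell
#!/bin/sh
# Added example (not Snort/Sourcefire code): triage one sensor against the
# affected-version list and mitigation advice quoted in the article.

# Prints the action for a Snort version string plus its snort.conf path.
# Assumption: the caller passes the bare version, e.g. "2.6.1.2"; the beta
# spellings below are guesses at how 2.7.0 beta 1 might be written.
snort_triage() {
    version=$1 conf=$2
    case $version in
        2.6.1|2.6.1.1|2.6.1.2)
            echo upgrade ;;                # listed release: move to the fixed build
        "2.7.0 beta 1"|2.7.0-beta1|2.7.0.beta1)
            if dcerpc_enabled "$conf"; then
                echo disable-dcerpc        # interim step until the second beta
            else
                echo mitigated
            fi ;;
        *)
            echo not-listed ;;
    esac
}

# True when snort.conf has an active (uncommented) "preprocessor dcerpc" line.
# Assumption: Snort 2.x config syntax "preprocessor dcerpc: <options>".
dcerpc_enabled() {
    grep -Eq '^[[:space:]]*preprocessor[[:space:]]+dcerpc[[:space:]]*(:|$)' "$1"
}

# Constructed sample configs for a stand-alone run.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'preprocessor frag3_global' \
        '  preprocessor dcerpc: autodetect' > "$dir/on.conf"
    printf '%s\n' '# preprocessor dcerpc: autodetect' \
        'preprocessor frag3_global' > "$dir/off.conf"
    snort_triage 2.6.1.2 "$dir/off.conf"
    snort_triage "2.7.0 beta 1" "$dir/on.conf"
    snort_triage "2.7.0 beta 1" "$dir/off.conf"
    snort_triage 2.6.1.3 "$dir/on.conf"
    rm -rf "$dir"
}
demo
```

A commented-out preprocessor line counts as disabled, so a config that still carries the line behind a `#` reports `mitigated` for the beta.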

Cisco was hit by several vulnerabilities last week, including one that allows hackers to circumvent the IPS protection in its routers.
