Snort RPC Vulnerability

From: Jason V. Miller (jmiller@securityfocus.com)
Date: 03/03/03

  • Next message: netsecurity: "Re: Snort RPC Vulnerability"
    Date: Mon, 3 Mar 2003 11:20:51 -0700
    From: "Jason V. Miller" <jmiller@securityfocus.com>
    To: Focus-IDS <focus-ids@securityfocus.com>
    
    

    Anyone using Snort might want to have a look at the latest ISS Advisory. There
    is a vulnerability in Snort 1.8.0 - 1.9.0 in the RPC preprocessor, which may
    ultimately allow a remote attacker to execute arbitrary code on a vulnerable
    host.

    Internet Security Systems Security Advisory
    Snort RPC Preprocessing Vulnerability
    http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951

    The Snort team has released a new version, 1.9.1, which contains fixes for this
    issue. Users not wishing to upgrade may disable the RPC preprocessor in their
    snort.conf configs.

    Check out the Snort Web site:
    http://www.snort.org/

    Version 1.9.1, which contains fixes for this issue, is available here:
    http://www.snort.org/dl/snort-1.9.1.tar.gz

    Regards,

    -- 
    Jason V. Miller, Threat Analyst
    Symantec, Inc. - www.symantec.com
    E-Mail:	jmiller@securityfocus.com
    -----------------------------------------------------------
    <Pre>Lose another weekend managing your IDS?
    Take back your personal time.
    15-day free trial of StillSecure Border Guard.</Pre>
    <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
    

  • Next message: netsecurity: "Re: Snort RPC Vulnerability"

    Relevant Pages

    • Snort RPC Vulnerability (fwd)
      ... Anyone using Snort might want to have a look at the latest ISS Advisory. ... Snort RPC Preprocessing Vulnerability ... Users not wishing to upgrade may disable the RPC preprocessor in their ...
      (Bugtraq)
    • [UNIX] Snort Back Orifice Preprocessor Buffer Overflow Vulnerability
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Snort is a widely-deployed, open-source network ... The vulnerable code will process any UDP packet that is not destined to or ... The Snort Back Orifice preprocessor vulnerability can be triggered with a ...
      (Securiteam)
    • [Full-Disclosure] Fwd: CERT Advisory CA-2003-13 Multiple Vulnerabilities in Snort Preprocessors
      ... CERT Advisory CA-2003-13 Multiple Vulnerabilities in Snort Preprocessors ... each in a separate preprocessor module. ... exploitable heap overflow in the Snort "stream4" preprocessor module. ... To exploit this vulnerability, an attacker must disrupt the state ...
      (Full-Disclosure)
    • [Full-Disclosure] GLSA: snort (200304-05)
      ... "The Sourcefire Vulnerability Research Team has learned of an integer overflow ... in the Snort stream4 preprocessor used by the Sourcefire Network Sensor ...
      (Full-Disclosure)
    • [Full-Disclosure] GLSA: snort (200304-06)
      ... "The Sourcefire Vulnerability Research Team has learned of an integer overflow ... in the Snort stream4 preprocessor used by the Sourcefire Network Sensor ... This attack can be launched ...
      (Full-Disclosure)