Snort RPC Vulnerability

From: Jason V. Miller (jmiller@securityfocus.com)
Date: 03/03/03

  • Next message: netsecurity: "Re: Snort RPC Vulnerability"
    Date: Mon, 3 Mar 2003 11:20:51 -0700
    From: "Jason V. Miller" <jmiller@securityfocus.com>
    To: Focus-IDS <focus-ids@securityfocus.com>
    
    

    Anyone using Snort might want to have a look at the latest ISS Advisory. There
    is a vulnerability in Snort 1.8.0 - 1.9.0 in the RPC preprocessor, which may
    ultimately allow a remote attacker to execute arbitrary code on a vulnerable
    host.

    Internet Security Systems Security Advisory
    Snort RPC Preprocessing Vulnerability
    http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951

    The Snort team has released a new version, 1.9.1, which contains fixes for this
    issue. Users not wishing to upgrade may disable the RPC preprocessor in their
    snort.conf configs.

    Check out the Snort Web site:
    http://www.snort.org/

    Version 1.9.1, which contains fixes for this issue, is available here:
    http://www.snort.org/dl/snort-1.9.1.tar.gz

    Regards,

    -- 
    Jason V. Miller, Threat Analyst
    Symantec, Inc. - www.symantec.com
    E-Mail:	jmiller@securityfocus.com
    -----------------------------------------------------------
    <Pre>Lose another weekend managing your IDS?
    Take back your personal time.
    15-day free trial of StillSecure Border Guard.</Pre>
    <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
    

  • Next message: netsecurity: "Re: Snort RPC Vulnerability"