RE: Snort RPC Vulnerability
From: Rob Shein (shoten@starpower.net)
Date: 03/03/03
- Previous message: Jason V. Miller: "Re: Snort RPC Vulnerability"
- In reply to: netsecurity: "Re: Snort RPC Vulnerability"
- Next in thread: Bennett Todd: "Re: Snort RPC Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Rob Shein" <shoten@starpower.net> To: "'netsecurity'" <netsecurity@duracompanies.com>, "'Jason V. Miller'" <jmiller@securityfocus.com> Date: Mon, 3 Mar 2003 14:10:25 -0500
I would say yes...in the academic sense. You can still compromise the
machine, but the question becomes that of "is the machine able to call
home?" If not, then you have control of a system that you cannot control,
so to say, in much of a meaningful fashion.
> -----Original Message-----
> From: netsecurity [mailto:netsecurity@duracompanies.com]
> Sent: Monday, March 03, 2003 2:03 PM
> To: Jason V. Miller
> Cc: Focus-IDS
> Subject: Re: Snort RPC Vulnerability
>
>
> If you are using a receive only cable does this still
> represent a vulnerability?
>
> Allen Taylor
> _______________________
> Network Security
> Dura Builders
> 5740 Decatur Blvd.
> Indianapolis, IN, 46241
>
> (317) 821-1109 FAX
>
> Monday, March 3, 2003, 1:20:51 PM, you wrote:
>
> JVM> Anyone using Snort might want to have a look at the latest ISS
> JVM> Advisory. There is a vulnerability in Snort 1.8.0 - 1.9.0 in the
> JVM> RPC preprocessor, which may ultimately allow a remote
> attacker to
> JVM> execute arbitrary code on a vulnerable host.
>
> JVM> Internet Security Systems Security Advisory
> JVM> Snort RPC Preprocessing Vulnerability
> JVM>
> http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?
oid=2
JVM> 1951
JVM> The Snort team has released a new version, 1.9.1, which contains
JVM> fixes for this issue. Users not wishing to upgrade may disable the
JVM> RPC preprocessor in their snort.conf configs.
JVM> Check out the Snort Web site:
JVM> http://www.snort.org/
JVM> Version 1.9.1, which contains fixes for this issue, is available
JVM> here: http://www.snort.org/dl/snort-1.9.1.tar.gz
JVM> Regards,
(C)opyright Dura Builders, ~2003~ Indianapolis, IN, All Rights Reserved
-------------------------------------------------------------------------
The information contained in this e-mail message is confidential,
intended only for the use of the individual or entity named above.
If the reader of this e-mail is not the intended recipient, or the
employee or agent responsible to deliver it to the intended recipient,
you are hereby notified that any review, dissemination, distribution
or copying of this communication is strictly prohibited. If you have
received this e-mail in error, contact netsecurity@duracompanies.com
-------------------------------------------------------------------------
-----------------------------------------------------------
<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure">
http://www.securityfocus.com/stillsecure </A>
-----------------------------------------------------------
<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
- Previous message: Jason V. Miller: "Re: Snort RPC Vulnerability"
- In reply to: netsecurity: "Re: Snort RPC Vulnerability"
- Next in thread: Bennett Todd: "Re: Snort RPC Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
