Tuesday, February 20, 2007

Vulnerability in Snort DCE/RPC Preprocessor

I just found out about the vulnerability in Snort DCE/RPC Preprocessor. This preprocessor is vulnerable to a stack-based buffer overflow that could potentially allow attackers to execute code with the same privileges as the Snort binary.

It affected the followings :

  • Snort 2.6.1, 2.6.1.1, and 2.6.1.2
  • Snort 2.7.0 beta 1
Recommended Actions:
  • Open-source Snort 2.6.1.x users are advised to upgrade to Snort 2.6.1.3 (or later) immediately.
  • Open-source Snort 2.7 beta users are advised to mitigate this issue by disabling the DCE/RPC preprocessor in snort.conf file. This issue will be resolved in Snort 2.7 beta 2.

Posted by Tedi Heriyanto at 11:08 Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)