I just found out about the vulnerability in Snort DCE/RPC Preprocessor. This preprocessor is vulnerable to a stack-based buffer overflow that could potentially allow attackers to execute code with the same privileges as the Snort binary.
It affected the followings :
- Snort 2.6.1, 22.214.171.124, and 126.96.36.199
- Snort 2.7.0 beta 1
- Open-source Snort 2.6.1.x users are advised to upgrade to Snort 188.8.131.52 (or later) immediately.
- Open-source Snort 2.7 beta users are advised to mitigate this issue by disabling the DCE/RPC preprocessor in snort.conf file. This issue will be resolved in Snort 2.7 beta 2.