Snort Vulnerabilities

Published: 2007-01-13
Last Updated: 2007-01-14 22:56:17 UTC
by Koon Yaw Tan (Version: 3)
Two vulnerabilities were reported recently. The first is a rule-matching backtrack denial-of-service vulnerability. An attacker may cause a denial of service, which could allow the remote user to evade detection. This issue is fixed in v2.6.1.

http://www.snort.org/pub-bin/snortnews.cgi#591
http://www.cs.wisc.edu/~smithr/pubs/acsac2006.pdf

The other one, affecting Snort 2.6.1.2, is due to an integer underflow that may allow a remote attacker to cause Snort to read beyond a specified length of memory, potentially corrupting logfiles.

The system is only affected if you have compiled Snort to decode the Generic Routing Encapsulation (GRE) protocol. GRE is used to encapsulate arbitrary protocols to a remote host. The vulnerable code is not compiled by default.
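
The class of bug described above, as an added illustration that is not Snort's decoder code and not taken from the advisory: a GRE header parser in which an unsigned length subtraction wraps on a truncated packet, next to a checked version. The function names, the sample bytes and the RFC 2784/2890 flag handling are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

#define GRE_BASE_LEN  4u       /* flags/version (2 bytes) + protocol type (2 bytes) */
#define GRE_FLAG_CSUM 0x8000u  /* checksum + reserved1 present: 4 more bytes */
#define GRE_FLAG_KEY  0x2000u  /* key present: 4 more bytes */
#define GRE_FLAG_SEQ  0x1000u  /* sequence number present: 4 more bytes */

/* Constructed samples: a header claiming C+K+S but cut off after 4 bytes, and
 * a complete key-only header followed by 2 payload bytes. */
static const uint8_t TRUNCATED[4] = { 0xB0, 0x00, 0x08, 0x00 };
static const uint8_t COMPLETE[10] = { 0x20, 0x00, 0x08, 0x00, 0, 0, 0, 1, 0x45, 0x00 };

/* Header length implied by the flag bits; caller guarantees 2 readable bytes. */
static uint32_t gre_header_len(const uint8_t *pkt)
{
    uint32_t flags = ((uint32_t)pkt[0] << 8) | pkt[1];
    uint32_t hlen = GRE_BASE_LEN;
    if (flags & GRE_FLAG_CSUM) hlen += 4;
    if (flags & GRE_FLAG_KEY)  hlen += 4;
    if (flags & GRE_FLAG_SEQ)  hlen += 4;
    return hlen;
}

/* Unsafe pattern: the unsigned subtraction wraps when caplen < header length. */
uint32_t gre_payload_len_unchecked(const uint8_t *pkt, uint32_t caplen)
{
    return caplen - gre_header_len(pkt);
}

/* Hardened: validate before subtracting. Returns 0 on success, -1 if truncated. */
int gre_payload_len_checked(const uint8_t *pkt, uint32_t caplen, uint32_t *payload_len)
{
    if (caplen < GRE_BASE_LEN) return -1;
    uint32_t hlen = gre_header_len(pkt);
    if (caplen < hlen) return -1;
    *payload_len = caplen - hlen;
    return 0;
}

int main(void)
{
    uint32_t n = 0;
    printf("unchecked, truncated: %u\n", (unsigned)gre_payload_len_unchecked(TRUNCATED, 4));
    printf("checked, truncated: %d\n", gre_payload_len_checked(TRUNCATED, 4, &n));
    int rc = gre_payload_len_checked(COMPLETE, sizeof COMPLETE, &n);
    printf("checked, complete: %d (payload %u)\n", rc, (unsigned)n);
    return 0;
}
```

The unchecked function reports a payload of roughly 4 GB for a 4-byte capture, which is how a later copy or log routine ends up reading past the real buffer.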

Sourcefire has released a fix for this vulnerability in Snort's current CVS tree.

http://labs.calyptix.com/advisories/CX-2007-01.txt

Update:

It has come to our attention that GRE is not enabled by default. Only those who passed --enable-gre when compiling the Snort 2.6.1.2 source tree will have this particular issue. We strongly recommend upgrading all versions to the current version, as it is much faster and offers more functionality. For more information on this, I would recommend checking out the Snort-Users mailing list.