Snort Vulnerabilities
Two vulnerabilities were reported recently. One is a Rule Matching Backtrack Denial of Service vulnerability. An attacker may cause a denial of service, which could allow the remote user to evade detection. This issue is fixed in v2.6.1.

The other one, affecting Snort, is due to an integer underflow that may allow a remote attacker to cause Snort to read beyond a specified length of memory, potentially corrupting logfiles.

The system is only affected if you have compiled Snort to decode the Generic Routing Encapsulation (GRE) protocol. GRE is used to encapsulate arbitrary protocols to a remote host. The vulnerable code is not compiled by default.

Update: The "gre" decoder is usually not enabled by default. In order to enable it, you need to use the "--enable-gre" switch during "configure" to turn on the vulnerable decoder. See the snort-users list for more details.

Sourcefire has released a fix for this vulnerability in Snort's current CVS tree.
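
The diary gives no code-level detail of the GRE flaw, so the following is an added illustration of the bug class and not Snort's code: a GRE header-length calculation where an unsigned subtraction underflows on a truncated packet, beside a version that validates the length first. The function names and the two sample packets are assumptions constructed for this example; the flag layout follows RFC 2784 and RFC 2890.

```c
#include <stddef.h>
#include <stdint.h>

/* GRE flag bits in the first header byte (RFC 2784 / RFC 2890).
 * The deprecated RFC 1701 routing bit is ignored in this example. */
#define GRE_FLAG_CSUM 0x80  /* checksum + reserved1 present: 4 bytes */
#define GRE_FLAG_KEY  0x20  /* key present: 4 bytes */
#define GRE_FLAG_SEQ  0x10  /* sequence number present: 4 bytes */

/* Constructed sample: claims checksum, key and sequence fields
 * (16-byte header) but only 8 bytes were captured. */
const uint8_t sample_truncated[8] = {0xB0, 0x00, 0x08, 0x00, 0, 0, 0, 0};
/* Constructed sample: no optional fields, 4-byte header + 4-byte payload. */
const uint8_t sample_plain[8] = {0x00, 0x00, 0x08, 0x00, 0x45, 0, 0, 0x14};

/* Header length implied by the flags: 4-byte base plus optional fields. */
static uint32_t gre_header_len(uint8_t flags)
{
    uint32_t hlen = 4;
    if (flags & GRE_FLAG_CSUM) hlen += 4;
    if (flags & GRE_FLAG_KEY)  hlen += 4;
    if (flags & GRE_FLAG_SEQ)  hlen += 4;
    return hlen;
}

/* Unchecked: when caplen is smaller than the header length, the unsigned
 * subtraction wraps to a value near 2^32, which a caller would then
 * treat as the number of payload bytes available to read. */
uint32_t gre_payload_len_unchecked(const uint8_t *pkt, uint32_t caplen)
{
    return caplen - gre_header_len(pkt[0]);
}

/* Checked: validate before subtracting. Returns 0 and sets *out on
 * success, -1 if the packet is too short for the header it claims. */
int gre_payload_len_checked(const uint8_t *pkt, uint32_t caplen, uint32_t *out)
{
    if (pkt == NULL || out == NULL || caplen < 4)
        return -1;
    uint32_t hlen = gre_header_len(pkt[0]);
    if (caplen < hlen)
        return -1;              /* truncated: drop instead of decoding */
    *out = caplen - hlen;
    return 0;
}
```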
Koon Yaw

Jan 14th 2007
