Sourcefire VRT rules update addresses remote stack buffer overflow in rule 3:20275

SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sourcefire VRT rules update addresses remote stack buffer overflow in rule 3:20275
Sourcefire VRT released a rules update on 17 JAN that included what they refer to as "a potential security issue with rule 3:20275 reported by Tavis Ormandy." Tavis' Tweet states that "today's snort rules fix a remote stack buffer overflow I found in rule 20275. Fixed by @sourcefire in just 48hrs. http://bit.ly/STm7Ij" Fast turnaround by the Sourcefire gang. Here's the diff for the fix: Compare: (<)D:\so_rules\src\netbios_kb961501-smb-printss-reponse.c (10885 bytes) with: (>)D:\so_rules\src\netbios_kb961501-smb-printss-reponse.c (10923 bytes) Change 1: < 2, /* revision / --- > 3, / revision / Change 2:* > #define NUM_ARRAYS 20 Change 3: < u_int8_t check_array[10]; --- > u_int8_t check_array[NUM_ARRAYS]; Change 4: < if(arrays > 20) { --- > if(arrays > NUM_ARRAYS) { Russ McRee \| @holisticinfosec	Russ McRee 204 Posts ISC Handler Jan 18th 2013
Thread locked Subscribe	Jan 18th 2013 9 years ago