Published: 2005-10-18
The U.S. Computer Emergency Readiness Team (CERT) announced today that the open-source IDS software, widely deployed in corporations and governments, was vulnerable to a buffer overflow in the preprocessor component it uses to detect the Back Orifice Trojan. When used by an attacker, the vulnerability will lead to full compromise of the Snort daemon, and full system compromise of a typical Snort installation.
Originally found by ISS, the vulnerability is considered, "trivially exploitable," and affected users are urged to upgrade immediately. Affected systems include Snort versions 2.4.0 to 2.4.2 and all Sourcefire Intrusion Sensors that use the Back Orifice preprocessor.
Snort is a security application used to detect and prevent network instrusion attempts, and is typically put at critical points in an organization's network security infrastructure. It is open-source software licensed under the GPL by Sourcefire, which recently announced it was being aquired by CheckPoint.
Posted by: Kelly Martin
