Reported April 16, 2003, by Bruce Leidl, Juan Pablo Martinez Kuhn and Alejandro David Weil from Core Security Technologies
VERSIONS AFFECTED
· Snort 2.0 versions prior to Release Candidate 1 (RC1)
· Snort 1.9.x and 1.8.x
· IDSs and other security appliances that have embedded Snort technology
DESCRIPTION
The Snort Intrusion Detection System (IDS) includes a "stream4 preprocessor" module that reassembles packets before inspecting them. The module contains a buffer-overflow condition that can permit a remote attacker to execute arbitrary commands on a system that runs Snort or launch a Denial of Service (DoS) attack against Snort. In either case, the vulnerability can let intruders evade IDS detection.
VENDOR RESPONSE
The vendor has released Snort 2.0 to correct the problem.
CREDIT
Discovered by Bruce Leidl, Juan Pablo Martinez Kuhn and Alejandro David Weil from Core Security Technologies
Reported April 16, 2003, by Bruce Leidl, Juan Pablo Martinez Kuhn and Alejandro David Weil from Core Security Technologies
VERSIONS AFFECTED
· Snort 2.0 versions prior to Release Candidate 1 (RC1)
· Snort 1.9.x and 1.8.x
· IDSs and other security appliances that have embedded Snort technology
DESCRIPTION
The Snort Intrusion Detection System (IDS) includes a "stream4 preprocessor" module that reassembles packets before inspecting them. The module contains a buffer-overflow condition that can permit a remote attacker to execute arbitrary commands on a system that runs Snort or launch a Denial of Service (DoS) attack against Snort. In either case, the vulnerability can let intruders evade IDS detection.
VENDOR RESPONSE
The vendor has released Snort 2.0 to correct the problem.
CREDIT
Discovered by Bruce Leidl, Juan Pablo Martinez Kuhn and Alejandro David Weil from Core Security Technologies