Buffer Overflow in Snort Intrusion Detection System

Reported April 16, 2003, by Bruce Leidl, Juan Pablo Martinez Kuhn and Alejandro David Weil from Core Security Technologies

 

 

VERSIONS AFFECTED

 

·         Snort 2.0 versions prior to Release Candidate 1 (RC1)

·         Snort 1.9.x and 1.8.x

·         IDSs and other security appliances that have embedded Snort technology

 

DESCRIPTION

 

The Snort Intrusion Detection System (IDS) includes a "stream4 preprocessor" module that reassembles packets before inspecting them. The module contains a buffer-overflow condition that can permit a remote attacker to execute arbitrary commands on a system that runs Snort or launch a Denial of Service (DoS) attack against Snort. In either case, the vulnerability can let intruders evade IDS detection.

 

VENDOR RESPONSE

 

The vendor has released Snort 2.0 to correct the problem.

 

CREDIT          

Discovered by Bruce Leidl, Juan Pablo Martinez Kuhn and Alejandro David Weil from Core Security Technologies

Reported April 16, 2003, by Bruce Leidl, Juan Pablo Martinez Kuhn and Alejandro David Weil from Core Security Technologies

 

 

VERSIONS AFFECTED

 

·         Snort 2.0 versions prior to Release Candidate 1 (RC1)

·         Snort 1.9.x and 1.8.x

·         IDSs and other security appliances that have embedded Snort technology

 

DESCRIPTION

 

The Snort Intrusion Detection System (IDS) includes a "stream4 preprocessor" module that reassembles packets before inspecting them. The module contains a buffer-overflow condition that can permit a remote attacker to execute arbitrary commands on a system that runs Snort or launch a Denial of Service (DoS) attack against Snort. In either case, the vulnerability can let intruders evade IDS detection.

 

VENDOR RESPONSE

 

The vendor has released Snort 2.0 to correct the problem.

 

CREDIT          

Discovered by Bruce Leidl, Juan Pablo Martinez Kuhn and Alejandro David Weil from Core Security Technologies

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish