Skip navigation

Buffer Overflow Vulnerability in Snort and Sourcefire

Neel Metha of Internet Security Systems' (ISS) X-Force discovered a buffer overflow vulnerability in Snort, which according to ISS also affects Sourcefire--the commercial version of Snort. The vulnerability exists in the Back Orifice pre-processor and can be exploited with a single UDP packet. Such a packet could be sent directly to a system running Snort or Sourcefire. Because the tools can also inspect all traffic passing into a network an exploit might also be possible by sending a special UDP packet into a network protected by the tools.

Systems that do not use the Back Orifice pre-processor are not affected. Snort 2.4.3 was released to correct the problem. For more details about the problem in Snort read the announcement on the Web site and ISS' advisory . At the time of this writing no information was available about updates to Sourcefire.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.