IDG: ISS Reports Snort Vulnerability

[ Thanks to Jason Greenwood for this link. ]

"A software vulnerability in the widely used Snort open-source intrusion detection system (IDS) software could allow an attacker to crash the Snort sensor or gain control of the host device on which the sensor runs.

"Snort serves as the basis for commercial IDS products such as those produced by Sourcefire Inc. and can be used to detect a wide range of network attacks and probes, such as attempted buffer overflows and port scans.

"A buffer overflow vulnerability was found in code used by Snort to detect an attack technique called RPC (remote procedure call) fragmentation. RPC fragmentation can be used to evade intrusion detection systems, according to an advisory reported Monday by security vendor Internet Security Systems Inc. (ISS)..."

Complete Story

Related Stories:

• Help Net Security: Interview with Judy Novak, Co-author of "Network Intrusion Detection 3/e"(Feb 25, 2003)
• Linux Journal: Stealthful Sniffing, Intrusion Detection and Logging(Sep 16, 2002)
• Crossnodes: Use Snort for Lightweight Intrusion Detection(Jul 15, 2002)
• LinuxSecurity.com: Snort-Setup for Statistics HOWTO(Jan 04, 2002)