IDG: ISS Reports Snort Vulnerability
Mar 05, 2003, 17:30
(Other stories by Paul Roberts)
[ Thanks to Jason Greenwood for this link. ]
"A software vulnerability in the widely used Snort open-source
intrusion detection system (IDS) software could allow an attacker
to crash the Snort sensor or gain control of the host device on
which the sensor runs.
"Snort serves as the basis for commercial IDS products such as
those produced by Sourcefire Inc. and can be used to detect a wide
range of network attacks and probes, such as attempted buffer
overflows and port scans.
"A buffer overflow vulnerability was found in code used by Snort
to detect an attack technique called RPC (remote procedure call)
fragmentation. RPC fragmentation can be used to evade intrusion
detection systems, according to an advisory reported Monday by
security vendor Internet Security Systems Inc. (ISS)..."