Linux Today: Linux News On Internet Time.

More on LinuxToday

IDG: ISS Reports Snort Vulnerability

Mar 05, 2003, 17:30 (2 Talkback[s])
(Other stories by Paul Roberts)

[ Thanks to Jason Greenwood for this link. ]

"A software vulnerability in the widely used Snort open-source intrusion detection system (IDS) software could allow an attacker to crash the Snort sensor or gain control of the host device on which the sensor runs.

"Snort serves as the basis for commercial IDS products such as those produced by Sourcefire Inc. and can be used to detect a wide range of network attacks and probes, such as attempted buffer overflows and port scans.

"A buffer overflow vulnerability was found in code used by Snort to detect an attack technique called RPC (remote procedure call) fragmentation. RPC fragmentation can be used to evade intrusion detection systems, according to an advisory reported Monday by security vendor Internet Security Systems Inc. (ISS)..."

Complete Story

Related Stories: