exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

snort-preprocessor.txt

snort-preprocessor.txt
Posted Feb 20, 2007
Site snort.org

Sourcefire has learned of a remotely exploitable vulnerability in the Snort DCE/RPC preprocessor. This preprocessor is vulnerable to a stack-based buffer overflow that could potentially allow attackers to execute code with the same privileges as the Snort binary. Sourcefire has prepared updates for Snort open-source software to address this issue. Snort Versions affected include Snort 2.6.1, 2.6.1.1, and 2.6.1.2 and Snort 2.7.0 beta 1.

tags | advisory, overflow
advisories | CVE-2006-5276
SHA-256 | fef4c3ca73f6930bc8ba37134b82478ff1597215d11e0f89b9720b92fc811722

snort-preprocessor.txt

Change Mirror Download
February 19, 2007

Summary:

Sourcefire has learned of a remotely exploitable vulnerability in the
Snort DCE/RPC preprocessor. This preprocessor is vulnerable to a
stack-based buffer overflow that could potentially allow attackers to
execute code with the same privileges as the Snort binary. Sourcefire
has prepared updates for Snort open-source software to address this issue.

This vulnerability has been identified as CVE-2006-5276.


Snort Versions Affected:

* Snort 2.6.1, 2.6.1.1, and 2.6.1.2
* Snort 2.7.0 beta 1

This vulnerability also affects Sourcefire commercial products. For
information and updates for Sourcefire products, please go to the
Sourcefire support site.


Mitigating Factors:

Users who have disabled the DCE/RPC preprocessor are not vulnerable.
However, the DCE/RPC preprocessor is enabled by default.


Recommended Actions:

* Open-source Snort 2.6.1.x users are advised to upgrade to Snort
2.6.1.3 (or later) immediately.
* Open-source Snort 2.7 beta users are advised to mitigate this issue by
disabling the DCE/RPC preprocessor.
This issue will be resolved in Snort 2.7 beta 2.


Workarounds:

Snort users who cannot upgrade immediately are advised to disable the
DCE/RPC preprocessor by removing the DCE/RPC preprocessor directives
from snort.conf and restarting Snort. However, be advised that disabling
the DCE/RPC preprocessor reduces detection capabilities for attacks in
DCE/RPC traffic. After upgrading, customers should reenable the DCE/RPC
preprocessor.


Detecting Attacks Against This Vulnerability:

Sourcefire will be releasing a rule pack that provides detection for
attacks against this vulnerability.


FAQs:

What does the update do?
- Snort 2.6.1.3 (or later) removes the vulnerability by correcting the
buffer overflow condition in the DCE/RPC preprocessor.

Has Sourcefire received any reports that this vulnerability has been
exploited?
- No. Sourcefire has not received any reports that this vulnerability
has been exploited.


Acknowledgments:

Sourcefire would like to thank Neel Mehta from IBM X-Force for reporting
this issue and working with us to resolve it.


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Login or Register to add favorites

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close