This Metasploit module allows remote attackers to execute arbitrary code by exploiting the Snort service via crafted SMB traffic. The vulnerability is due to a boundary error within the DCE/RPC preprocessor when reassembling SMB Write AndX requests, which may result in a stack-based buffer overflow when a specially crafted packet is sent on a network that is monitored by Snort. Vulnerable versions include Snort 2.6.1, 2.7 Beta 1 and Sourcefire IDS 4.1, 4.5 and 4.6. Any host on the Snort network may be used as the remote host. The remote host does not need to be running the SMB service for the exploit to be successful.
4831463187a96ae8a63ec6bde91a0cbca65b38578ad54e60da0525ce6c81e52a
Gentoo Linux Security Advisory GLSA 200703-01 - The Snort DCE/RPC preprocessor does not properly reassemble certain types of fragmented SMB and DCE/RPC packets. Versions less than 2.6.1.3 are affected.
99507aca92ca229eb2729ba7030aca79d9b1f335fbe3a25202f659984e2d7a69
Snort version 2.6.1 DCE/RPC Preprocessor remote buffer overflow denial of service exploit.
da1bc87a6c602c32578a4597492e36d27fd77a4063f944c9e22bf11fdc35da81
Technical Cyber Security Alert TA07-050A - A stack buffer overflow vulnerability in the Sourcefire Snort DCE/RPC preprocessor could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Snort process.
e32bdc2aaf40eca3df98337e15f1c09bacbaac00e0059399fcd3bad10dcab52a
Sourcefire has learned of a remotely exploitable vulnerability in the Snort DCE/RPC preprocessor. This preprocessor is vulnerable to a stack-based buffer overflow that could potentially allow attackers to execute code with the same privileges as the Snort binary. Sourcefire has prepared updates for Snort open-source software to address this issue. Affected Snort versions include Snort 2.6.1, 2.6.1.1, and 2.6.1.2, and Snort 2.7.0 beta 1.
fef4c3ca73f6930bc8ba37134b82478ff1597215d11e0f89b9720b92fc811722