[ISN] Snort Bug Exploit Shows Up

InfoSec News isn at c4i.org
Thu Oct 27 03:10:13 EDT 2005


http://www.informationweek.com/story/showArticle.jhtml?articleID=172900617

By Gregg Keizer 
TechWeb News 
Oct. 26, 2005 

A working exploit for last week's Snort vulnerability has been
released, a security vendor said Wednesday, but any attack should be
short-lived and probably feeble.

The vulnerability in Snort, an open-source intrusion detection system
(IDS) used by more than 100,000 companies and government agencies to
defend networks, was unveiled last Wednesday, and simultaneously
patched. Because Snort's ubiquitous in enterprises -- and used in
nearly four dozen commercial IDS products -- experts cautioned
companies to patch as soon as possible, because and exploit might
spread very quickly, and resemble some of the worst worms ever,
including 2003's Slammer.

According to a bulletin issued by Symantec, an exploit targeting Snort
running on Linux with the 2.6 kernel has been published by The
Hacker's Choice (THC); Symantec's research team has also confirmed
that the exploit works.

Not all is doom and gloom, however.

"The return addresses used by the exploit will probably only bind the
shell on a limited number of systems; causing a denial of service
condition on others," read Symantec's warning.

"It required system specific return addresses to be supplied to
successfully exploit the vulnerability," Symantec said.





More information about the ISN mailing list