Personal Tech Pipeline | Snort Exploit Close At Hand

White Papers

Sponsor Resources

Free Newsletter GlossaryContact UsAbout Us
Players & CamsPhones & PDAsHome & AutoOnline

October 20, 2005

Snort Exploit Close At Hand

Courtesy of TechWeb News

Creating an exploit for the serious Snort intrusion detection system vulnerability announced earlier this week takes just two hours, a security researcher said Thursday, making it imperative that users patch or apply a work-around immediately.

"We're very close to full exploitation," wrote SANS Internet Storm Center (ISC) researcher Ed Skoudis Thursday. "Shut off that darn preprocessor ASAP. Check with your vendors if you suspect your commercial product may have Snort code."

Also on Thursday, another ISC researcher claimed he had assembled a working exploit against the Snort vulnerability in two hours, although he was not going to release it to the public.

Sourcefire, the developer of Snort, however, thinks that such dire warnings are unnecessary at this point. "It's more of a non-issue now," said Michele Perry, the head of marketing at Sourcefire. "All customers have had access to a patch [since Tuesday], or they've had instructions on how to turn off the preprocessor that's vulnerable."

To an extent, the ISC agreed: it lowered its Infocon alert from "Yellow" to "Green" on Thursday, saying on its site that "if you haven't shut off the Back Orifice preprocessor by now or come up with another work-around, you probably aren't going to in the near future."

A poster to the Full Disclosure security mailing list, however, said Wednesday that he'd made progress on an exploit which would work as a plug-in to the Metaploit framework, a break-in tool that runs on Unix.

"Attached some in-progress code for the snort bug," wrote someone identified as "HD Moore. "Any ideas on making this more reliable?"

The vulnerability is in a Snort preprocessor used to detect the older Back Orifice Trojan. A single UDP packet can trigger a stack-based overflow, allowing an attacker to fully compromise a system or appliance running Snort or Sourcefire.

Snort is an open-source intrusion detection system (IDS) used by more than 100,000 companies and government agencies to defend networks, according to its developer, Sourcefire. The Snort code is also tucked inside at least 45 commercially-sold IDS appliances.

"If we haven't said it loudly enough already, upgrade your Snort sensors or disable the Back Orifice preprocessor if running the vulnerable versions of Snort 2.4," the ISC advised in a follow-up warning Thursday.

E-mail This Story
Print This Story
Reprint This Story

Get the latest Personal Tech news, product info, and trends every week.

Related Content

  Right-click and choose Copy to extract RSS Feed URL  Personal Tech Pipeline's Main RSS Feed
  Right-click and choose Copy to extract RSS Feed URL  Personal Tech Pipeline's Blog RSS Feed

<A HREF=";FlightID=43527&amp;AdID=86369&amp;TargetID=3743&amp;Segments=1411,1892,2691,3108,3448,4526,4760&amp;Targets=1491,2625,2878,3743&amp;Values=34,46,51,63,77,85,90,100,140,222,227,399,442,645,646,659,1184,1405,1431,1716,1767,1785,1798,1901,1925,1945,1970,2217,2299,2310,2329,2352,2678,2787,2862,2878,2956,3229,3347,3385&amp;RawValues=&amp;Redirect=" target="_top"><IMG SRC="" WIDTH=300 HEIGHT=250 BORDER=0></A>

Keeping Up To Date On Enterprise Server Tech?
Review our compilation of columns on server security, database software, and Linux issues.
How to Achieve High Performance Through IT
Learn to achieve high performance by aligning IT to
strategic objectives and solutions to unlock that value.
Using Current Performance to Shape
Future Results

Hear new strategies for improving business
performance and results.

Editor's Picks

Well, Microsoft has "unfolded" its "Origami" ultra-mobile PC platform Thursday. It turned out to be a full-featured PC smaller than a tablet but bigger than a PDA. Are you impressed?
Yes! I want one!
Sort of. We'll see.
No! It's too big for a pocket and too small for real computing. What's the point?

In search of personal tech products? See our new Product Finder, where you'll find personal computing devices, communications solutions, security products, and more.

On the CIO Agenda with IBM
With business growth back on the agenda, the role of the CIO is changing from manager of technology to C-suite collaborator in enabling innovation that matters for the business. Read an executive summary and register to download the full IBM paper.

Symantec Backup Solutions
Desktop to Data Center Protection. Explore the Official Symantec Site.

SEC & HIPAA IM Compliance
Satisfy regulatory and compliance requirements for instant messaging.

Secure & Easy Console Management with Digi CM
The Digi CM console server provides secure, intelligent & easy access to network devices with a serial console port. With Digi CM, you can securely monitor & control servers, routers, switches & other devices even when your network is down.

Learn how much you save with open source.
Find out how much of a financial impact open source can have on your enterprise. Get these tools now, compliments of JBoss. Go!

Buy a Link Now

Top ten search terms from the TechWeb TechEncyclopedia
How does your pay rate? Check the InformationWeek Salary Survey
Mobilized Solutions Guide: Find and compare solutions for your business
Top Requested White Paper Categories from TechWeb White paper Library
Top ten search terms from the TechWeb TechEncyclopedia