All the latest UK technology news, reviews and analysis
|
|
|
22 Feb 2007
A security vulnerability has been discovered in the Snort open source intrusion detection system.
Discovered by Neel Mehta from IBM's X-Force, the flaw exists in the Snort DCE/RPC pre-processor.
A remote attacker could cause a buffer overflow and execute arbitrary code with root or system privileges by sending specially-crafted Server Message Block traffic to a vulnerable system.
Server Message Block is a protocol for sharing files, printers, serial ports and communications between computers.
This bug affects Snort 2.6.1, 2.6.1.1, 2.6.1.2 and Snort 2.7.0 beta 1. An update is available to correct the problem.
Snort advises users who cannot upgrade immediately to disable the DCE/RPC pre-processor by removing the directives from snort.conf and restarting Snort.
However, it should be noted that disabling this pre-processor reduces detection capabilities for attacks in DCE/RPC traffic. After upgrading, customers should re-enable the DCE/RPC pre-processor.
Latest stories from Security
Related articles
Related jobs
Poll
Are you confident that the UK's IT infrastructure is secure from attack in the wake of the Flame malware revelations?
Orange and Intel talk us through the ins and outs of their San Diego smartphone
Connect with V3.co.uk
Social networking is almost ubiquitous. This white paper examines the benefits and risks and it looks at the different ways companies can reconcile them
The importance of understanding your infrastructure
My London client is looking for an experienced Programme...
My leading client is looking for a number of excellent...
My client, a leading international name in Manufacturing...
My client is looking for an Automated Engineer/Developer...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?