Discovered by Neel Mehta from IBM's X-Force, the flaw exists in the Snort DCE/RPC pre-processor.
A remote attacker could cause a buffer overflow and execute arbitrary code with root or system privileges by sending specially-crafted Server Message Block traffic to a vulnerable system.
Server Message Block is a protocol for sharing files, printers, serial ports and communications between computers.
This bug affects Snort 2.6.1, 126.96.36.199, 188.8.131.52 and Snort 2.7.0 beta 1. An update is available to correct the problem.
Snort advises users who cannot upgrade immediately to disable the DCE/RPC pre-processor by removing the directives from snort.conf and restarting Snort.
However, it should be noted that disabling this pre-processor reduces detection capabilities for attacks in DCE/RPC traffic. After upgrading, customers should re-enable the DCE/RPC pre-processor.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago