System compromise in Snort

Posted: January 23, 2013 in Vulnerabilities
Tags: ,

Vulnerability

System compromise in Snort

Vulnerability: System compromise in Snort

Danger: Average
Patch: Yes
Number of vulnerabilities: 1

Vector operation: Local Network
Impact: System Compromise

Affected products: Snort 2.9.x

Affected versions: Snort 2.9.4.0, possibly other versions.

Description:

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability is caused due to a boundary error in the function ‘rule20275eval ()’ in the file netbios_kb961501-smb-printss-reponse.c processing DCE / RPC responses. This can be exploited to cause a buffer overflow on the stack.

Successful exploitation allows execution of arbitrary code, but requires that praavilo ‘3-20275′ was included.

Manufacturer URL: http://www.snort.org/

Solution: Install the update from the manufacturer.

links:

http://blog.snort.org/2013/01/sourcefire-vrt-certified-snort-rules_18.html
http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2013-01-17.html

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s