Well, at least Sourcefire was able to discover this bug on its own. A stack-based buffer overflow attack can be carried out by presenting a Snort instance with specially crafted DCE/RPC traffic. It’s recommended that all users upgrade to the latest version (2.6.1.3), or at least disable the DCE/RPC preprocessor in snort.conf. It’s nice to see a company fully disclose, and quickly patch, a vulnerability in its own product. As a leading security vendor, maybe Sourcefire will help set a precedent for others to follow in incidents like these.
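For sensors that cannot be upgraded right away, the snort.conf workaround can be applied with a small script. The following is an added example, not code from Sourcefire or from the original post; it assumes the directive is written as `preprocessor dcerpc` (the page does not show the line), and the sample configuration is constructed.

```python
import re

# Matches an active (uncommented) dcerpc preprocessor directive.
# Assumption: the directive is named "dcerpc"; the page does not show it.
DCERPC = re.compile(r"^\s*preprocessor\s+dcerpc\b")


def disable_dcerpc(conf_text):
    """Comment out every active dcerpc preprocessor directive.

    Returns (new_text, count). Continuation lines (trailing backslash)
    that belong to the directive are commented out too, so no orphaned
    option lines are left behind in the file.
    """
    out, count, in_directive = [], 0, False
    for line in conf_text.splitlines():
        if in_directive or DCERPC.match(line):
            if not in_directive:
                count += 1  # first line of a new directive
            # Stay inside the directive while lines end with a backslash.
            in_directive = line.rstrip().endswith("\\")
            out.append("# " + line)
        else:
            out.append(line)
    return "\n".join(out) + "\n", count


# Constructed sample, not a real deployment's snort.conf.
SAMPLE_CONF = """\
var HOME_NET any
preprocessor frag3_global: max_frags 65536
# preprocessor dcerpc: autodetect
preprocessor dcerpc: \\
    autodetect \\
    max_frag_size 3000 \\
    memcap 100000
preprocessor dns: ports { 53 }
"""

if __name__ == "__main__":
    patched, n = disable_dcerpc(SAMPLE_CONF)
    print(f"disabled {n} dcerpc directive(s)")
    print(patched, end="")
```

Running the function a second time reports zero changes, which makes it usable as a check that the workaround is still in place after a configuration push.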