We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.
Snort Suffers from 'Trivially Exploitable' Hole

Snort Suffers from 'Trivially Exploitable' Hole

Thursday Oct 20th 2005 by Michael Hall

The popular Snort intrusion detection system has a vulnerability that opens systems to potential root exploits.

A bit of functionality designed to detect a venerable Windows back door has prompted security researchers to warn of a potential root compromise in the Snort intrusion detection package.

According to an advisory released by Internet Security Systems (ISS), a vulnerability in Snort’s Back Orifice pre-processor opens the system running the software to remote attack and exploit. Back Orifice is a remote management tool that first surfaced in 1998, allowing users to control Windows systems. It has seen common use as a surreptitiously installed back door.

The firm said the vulnerability, triggerable with a single UDP packet, is "trivially exploitable."

The vulnerability can be easily mitigated by disabling the Back Orifice pre-processor, which is accomplished by commenting out the line preprocessor bo in the snort.conf configuration file.

Security firm Secunia has rated the vulnerability "highly critical," and recommended users immediately update to Snort v2.4.3.

In addition to the basic Snort application, a number of software packages and applications that use the open source Snort software share the vulnerability.

Mobile Site | Full Site
Copyright 2018 © QuinStreet Inc. All Rights Reserved