RE: Snort RPC Vulnerability

["Trey A Mujakporue" <trey.trey () ntlworld com>]

Yes. A receive only cable does not protect you from an attacker who's
sole motive is to take out whatever IDS you may have out there. 
For instance, we all rely on our IDS to alert us in the event of an
attack or the symptoms of a coming attack. If an attacker managed to
kock out your IDS you would probably be none the wiser to the
forthcoming events.

Jmtpw.

Trey!

Sig://I was once attacked by a barrage of exploding guava's after
spending the night in Borneo.. to escape i slept in the pouch of a large
Marsupial, then sailed away in a Marzipan Canoe! 

-----Original Message-----
From: netsecurity [mailto:netsecurity () duracompanies com] 
Sent: 03 March 2003 19:03
To: Jason V. Miller
Cc: Focus-IDS
Subject: Re: Snort RPC Vulnerability


If you are using a receive only cable does this still represent a
vulnerability?

Allen Taylor
_______________________
Network Security
Dura Builders
5740 Decatur Blvd.
Indianapolis, IN, 46241

(317) 821-1109 FAX

Monday, March 3, 2003, 1:20:51 PM, you wrote:

JVM> Anyone using Snort might want to have a look at the latest ISS 
JVM> Advisory. There is a vulnerability in Snort 1.8.0 - 1.9.0 in the 
JVM> RPC preprocessor, which may ultimately allow a remote attacker to 
JVM> execute arbitrary code on a vulnerable host.

JVM> Internet Security Systems Security Advisory
JVM> Snort RPC Preprocessing Vulnerability 
JVM> http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=2
JVM> 1951

JVM> The Snort team has released a new version, 1.9.1, which contains 
JVM> fixes for this issue. Users not wishing to upgrade may disable the 
JVM> RPC preprocessor in their snort.conf configs.

JVM> Check out the Snort Web site:
JVM> http://www.snort.org/

JVM> Version 1.9.1, which contains fixes for this issue, is available 
JVM> here: http://www.snort.org/dl/snort-1.9.1.tar.gz

JVM> Regards,


(C)opyright Dura Builders, ~2003~ Indianapolis, IN,  All Rights Reserved
------------------------------------------------------------------------
-
The  information  contained  in   this  e-mail   message is
confidential, 
intended   only  for the  use of  the  individual or  entity named
above. 
If  the  reader  of this e-mail is  not  the  intended recipient,  or
the 
employee or  agent  responsible to  deliver it to the intended
recipient, 
you are hereby  notified  that any  review,  dissemination,
distribution 
or copying  of  this  communication  is strictly prohibited.  If you
have 
received  this e-mail  in error,    contact
netsecurity () duracompanies com
------------------------------------------------------------------------
-

-----------------------------------------------------------
<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure";>
http://www.securityfocus.com/stillsecure </A>



-----------------------------------------------------------
<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure";> http://www.securityfocus.com/stillsecure </A>