IDS mailing list archives

Snort RPC Vulnerability

From: "Jason V. Miller" <jmiller () securityfocus com>
Date: Mon, 3 Mar 2003 11:20:51 -0700

Anyone using Snort might want to have a look at the latest ISS Advisory. There
is a vulnerability in Snort 1.8.0 - 1.9.0 in the RPC preprocessor, which may
ultimately allow a remote attacker to execute arbitrary code on a vulnerable
host.

Internet Security Systems Security Advisory
Snort RPC Preprocessing Vulnerability
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951

The Snort team has released a new version, 1.9.1, which contains fixes for this
issue. Users not wishing to upgrade may disable the RPC preprocessor in their
snort.conf configs.

Check out the Snort Web site:
http://www.snort.org/

Version 1.9.1, which contains fixes for this issue, is available here:
http://www.snort.org/dl/snort-1.9.1.tar.gz

Regards,

-- 
Jason V. Miller, Threat Analyst
Symantec, Inc. - www.symantec.com
E-Mail: jmiller () securityfocus com

-----------------------------------------------------------
<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure";> http://www.securityfocus.com/stillsecure </A>

Current thread:

Snort RPC Vulnerability Jason V. Miller (Mar 03)
- Re: Snort RPC Vulnerability netsecurity (Mar 03)
  - Re: Snort RPC Vulnerability Jason V. Miller (Mar 03)
  - RE: Snort RPC Vulnerability Rob Shein (Mar 03)
  - Re: Snort RPC Vulnerability Bennett Todd (Mar 03)
  - RE: Snort RPC Vulnerability Trey A Mujakporue (Mar 03)