IDS mailing list archives

Re: Snort RPC Vulnerability

From: netsecurity <netsecurity () duracompanies com>
Date: Mon, 3 Mar 2003 14:03:25 -0500

If you are using a receive only cable does this still represent a
vulnerability?

Allen Taylor
_______________________
Network Security
Dura Builders
5740 Decatur Blvd.
Indianapolis, IN, 46241

(317) 821-1109 FAX

Monday, March 3, 2003, 1:20:51 PM, you wrote:

JVM> Anyone using Snort might want to have a look at the latest ISS Advisory. There
JVM> is a vulnerability in Snort 1.8.0 - 1.9.0 in the RPC preprocessor, which may
JVM> ultimately allow a remote attacker to execute arbitrary code on a vulnerable
JVM> host.

JVM> Internet Security Systems Security Advisory
JVM> Snort RPC Preprocessing Vulnerability
JVM> http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951

JVM> The Snort team has released a new version, 1.9.1, which contains fixes for this
JVM> issue. Users not wishing to upgrade may disable the RPC preprocessor in their
JVM> snort.conf configs.

JVM> Check out the Snort Web site:
JVM> http://www.snort.org/

JVM> Version 1.9.1, which contains fixes for this issue, is available here:
JVM> http://www.snort.org/dl/snort-1.9.1.tar.gz

JVM> Regards,


(C)opyright Dura Builders, ~2003~ Indianapolis, IN,  All Rights Reserved
-------------------------------------------------------------------------
The  information  contained  in   this  e-mail   message is confidential, 
intended   only  for the  use of  the  individual or  entity named above. 
If  the  reader  of this e-mail is  not  the  intended recipient,  or the 
employee or  agent  responsible to  deliver it to the intended recipient, 
you are hereby  notified  that any  review,  dissemination,  distribution 
or copying  of  this  communication  is strictly prohibited.  If you have 
received  this e-mail  in error,    contact netsecurity () duracompanies com
-------------------------------------------------------------------------

-----------------------------------------------------------
<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure";> http://www.securityfocus.com/stillsecure </A>

Current thread:

Snort RPC Vulnerability Jason V. Miller (Mar 03)
- Re: Snort RPC Vulnerability netsecurity (Mar 03)
  - Re: Snort RPC Vulnerability Jason V. Miller (Mar 03)
  - RE: Snort RPC Vulnerability Rob Shein (Mar 03)
  - Re: Snort RPC Vulnerability Bennett Todd (Mar 03)
  - RE: Snort RPC Vulnerability Trey A Mujakporue (Mar 03)