Snort Bug Exploit Shows Up

[InfoSec News <isn () c4i org>]

http://www.informationweek.com/story/showArticle.jhtml?articleID=172900617

By Gregg Keizer 
TechWeb News 
Oct. 26, 2005 

A working exploit for last week's Snort vulnerability has been
released, a security vendor said Wednesday, but any attack should be
short-lived and probably feeble.

The vulnerability in Snort, an open-source intrusion detection system
(IDS) used by more than 100,000 companies and government agencies to
defend networks, was unveiled last Wednesday, and simultaneously
patched. Because Snort's ubiquitous in enterprises -- and used in
nearly four dozen commercial IDS products -- experts cautioned
companies to patch as soon as possible, because and exploit might
spread very quickly, and resemble some of the worst worms ever,
including 2003's Slammer.

According to a bulletin issued by Symantec, an exploit targeting Snort
running on Linux with the 2.6 kernel has been published by The
Hacker's Choice (THC); Symantec's research team has also confirmed
that the exploit works.

Not all is doom and gloom, however.

"The return addresses used by the exploit will probably only bind the
shell on a limited number of systems; causing a denial of service
condition on others," read Symantec's warning.

"It required system specific return addresses to be supplied to
successfully exploit the vulnerability," Symantec said.



_________________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org