Possible Evasion in Snort Multi Pattern Algorithm

[bmc () snort org]

The Sourcefire Vulnerability Research Team has discovered a bug in the
default wu-manber multi-pattern algorithm in Snort. This vulnerability
could allow an attacker to potentially evade Snort. The Snort Team is
currently working on the Snort 2.4 release, in which the default
multi-pattern match algorithm will be Aho-Corasick.

Until the next release of Snort is available, users can update their
Snort configuration to use a different algorithm. To update your Snort
configuration, add the following line to snort.conf:

   config detection: search-method ac 

Sincerely,
Brian Caswell


-------------------------------------------------------
This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening
July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual
core and dual graphics technology at this free one hour event hosted by HP,
AMD, and NVIDIA.  To register visit http://www.hp.com/go/dualwebinar
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users