Remote Vulnerability in Snort - Fix and Workaround Available

[Jennifer Steffens <jennifer.steffens () sourcefire com>]

Hey everyone,

A vulnerability was found in PrintTcpOptions() function located in 
snort-2.4.0/src/log.c that could allow an attacker to craft a malformed 
TCP/IP packet and potentially cause a DoS in Snort. This vulnerability 
is only present in the rare instances that Snort is run in verbose mode 
(using the switch -v).

Details:
An attacker can exploit this vulnerability with malicious TCP traffic 
containing a bad TCP SACK option causing the Snort engine to crash. 
Restarting Snort will cause the engine to return to normal functionality.

Fix and Workaround Details:
A fix for this vulnerability was checked into the Snort 2.4 CVS tree on 
August 23rd, 2005 and is available for download at 
http://www.snort.org/pub-bin/snapshots.cgi. This fix will also be 
included in the upcoming 2.4.1 release. Users who do not wish to upgrade 
can simply choose not to run Snort in verbose mode to avoid being 
vulnerable.

Questions? Let us know at snort-team () sourcefire com.

Thanks,
Jennifer


--
Jennifer Steffens
Director, Product Management - Snort
Sourcefire, Inc


-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users