Snort's Intrusion System Blows a Hole

In an interesting case of technical irony, a tool used to help security professionals detect intrusions into their networks is in fact vulnerable to intrusions itself.

US-CERT issued an advisory this week warning that the open source Snort intrusion detection system had a highly critical buffer overflow vulnerability that could allow an attacker to execute arbitrary code.

Snort is widely used and deployed in its open source form and as a commercial product. Snort creator Martin Roesch founded Sourcefire in 2001 as a commercial vendor for Snort. In October, Check Point Software acquired Sourcefire for $225 million.

Sourcefire claims that Snort has been downloaded more than 2 million times and is also included in over 40 commercially available intrusion detection systems.

The reported vulnerability resides in Snort's Back Orifice pre-processor and can be triggered by a single UDP packet, which causes a stack-based overflow that allows the attacker to infiltrate the system.

This article was first published on internetnews.com.
