Snort's Intrusion System Blows a Hole

In an interesting case of technical irony, a tool used to help security professionals detect intrusions into their networks is in fact vulnerable to intrusions itself.

US-CERT issued an advisory this week warning that the open source Snort intrusion detection system had a highly critical buffer overflow vulnerability that could allow an attacker to execute arbitrary code.

Snort is widely used and deployed in its open source form and as a commercial product. Snort creator Martin Roesch founded Sourcefire in 2001 as a commercial vendor for Snort. In October, Check Point Software acquired Sourcefire for $225 million.

Sourcefire claims that Snort has been downloaded more than 2 million times and is also included in over 40 commercially available intrusion detection systems.

The reported vulnerability resides in Snort's Back Orifice pre-processor and can be triggered by a single UDP packet, which causes a stack-based overflow that allows the attacker to infiltrate the system.

This article was first published on internetnews.com.
