In an interesting case of technical irony, a tool used to help security professionals detect intrusions into their networks is in fact vulnerable to intrusions itself.
US-CERT issued an advisory this week warning that the open source Snort intrusion detection system had a highly critical buffer overflow vulnerability that could allow an attacker to execute arbitrary code.
Snort is widely used and deployed in its open source form and as a commercial product. Snort creator Martin Roesch founded Sourcefire in 2001 as a commercial vendor for Snort. In October, Check Point Software acquired Sourcefire for $225 million.
Sourcefire claims that Snort has been downloaded more than 2 million times and is also included in over 40 commercially available intrusion detection systems.
The reported vulnerability resides in Snort's Back Orifice pre-processor and can be triggered by a single UDP packet, which causes a stack-based overflow that allows the attacker to infiltrate the system.