Sourcefire Inc. announced late Tuesday that it has released an updated version of its Snort intrusion detection system (IDS) that resolves a vulnerability in the product.
In a news release, the Columbia, Md.-based intrusion defense vendor said it worked with Pittsburgh, Pa.-based security services vendor VigilantMinds Inc. to identify a flaw in the popular open source tool and demonstrate how an exploit would allow malicious hackers to circumvent Snort monitoring. The new versions, Snort 2.6.0 and 2.4.5, are available via the Snort.org download site.
The security issue, first revealed last week, could allow malicious packets to damage Snort-protected computers if left unpatched. Though no exploit has been discovered in the wild, one vendor's advisory gave the flaw a 7.2 severity rating and 5.4 urgency, most likely due to Snort's widespread use.
Earlier this week, Chicago-based intrusion prevention system (IPS) firm AmbironTrustWave Corp. announced its own patch for the Snort flaw. Snort is used as a component of its ipANGEL product line.